{"url":"http://public2.vulnerablecode.io/api/packages/1073997?format=json","purl":"pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8","type":"deb","namespace":"debian","name":"rails","version":"2.3.5-1.2+squeeze8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:7.2.3.1+dfsg-1","latest_non_vulnerable_version":"2:7.2.3.1+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11428?format=json","vulnerability_id":"VCID-171r-59fd-2bbj","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22577","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61529","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61417","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61521","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"refere
nce_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores"
:[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec"},{"reference_url":"https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508"},{"reference_url":"https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b"},{"reference_url":"https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVS
S:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809"},{"reference_url":"https://github.com/rails/rails/pull/44635","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/pull/44635"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0002","reference_id":"","reference_type":"","scores":[{"value":"6.1"
,"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221118-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221118-0002/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941","reference_id":"1011941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080302","reference_id":"2080302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080302"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22577","reference_id":"CVE-2022-22577","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22577"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml","reference_id":"CVE-2022-22577.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml"},{"reference_url":"https://github.com/advisories/GHSA-mm33-5vfq-3mm3","reference_id":"GHSA-mm33-5vfq-3mm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm33-5vfq-3mm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","
reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2022-22577","GHSA-mm33-5vfq-3mm3","GMS-2022-1137"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-171r-59fd-2bbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/738?format=json","vulnerability_id":"VCID-1a29-4ncr-bbgm","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-a
nnounce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751","reference_id":"","reference_type":"","scores":[{"value":"0.08895","scoring_system":"epss","scoring_elements":"0.92778","published_at":"2026-06-13T12:55:00Z"},{"value":"0.08895","scoring_system":"epss","scoring_elements":"0.92774","published_at":"2026-06-12T12:55:00Z"},{"value":"0.08895","scoring_system":"epss","scoring_elements":"0.9275","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-757
7"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17"},{"reference_url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6","reference_id":"","reference_type":"","scores":[{
"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6"},{"reference_url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc"},{"reference_url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160128201702/http://w
ww.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301946","reference_id":"1301946","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301946"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751","reference_id":"CVE-2016-0751","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml","reference_id":"CVE-2016-0751.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml"},{"reference_url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v","reference_id":"GHSA-ffpv-c4hm-3x6v","reference_type":"","scores":[{"value":"HIGH"
,"scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vuln
erability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vul
nerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-0751","GHSA-ffpv-c4hm-3x6v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a29-4ncr-bbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25626?format=json","vulnerability_id":"VCID-1ua6-6a16-9fde","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55193","reference_id":"","reference_type":"","scores":[{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77644","published_at":"2026-0
6-11T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77726","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77712","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55193","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/de
tail/CVE-2025-55193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106","reference_id":"1111106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388446","reference_id":"2388446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388446"},{"reference_url":"https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290","reference_id":"3beef20013736fd52c5dcfdf061f7999ba318290","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290"},{"reference_url":"https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b","reference_id":"568c0bc2f1e74c65d150a84b89a080949bf9eb9b","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b"},{"reference_url":"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202","reference_id":"6a944ca4805e
72050a0fbb1a461534eb760d3202","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202"},{"reference_url":"https://github.com/advisories/GHSA-76r7-hhxj-r776","reference_id":"GHSA-76r7-hhxj-r776","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-76r7-hhxj-r776"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776","reference_id":"GHSA-76r7-hhxj-r776","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VC
ID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2025-55193","GHSA-76r7-hhxj-r776"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ua6-6a16-9fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/740?format=json","vulnerability_id":"VCID-214c-rjny-9ud4","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_sys
tem":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0753","reference_id":"","reference_type":"","scores":[{"value":"0.02328","scoring_system":"epss","scoring_elements":"0.85233","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02328","scoring_system":"epss","scoring_elements":"0.85171","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02328","scoring_system":"epss","scoring_elements":"0.85224","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvena
me.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","sco
ring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ"},{"reference_url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247"},{"reference_url":"https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/14"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301973","reference_id":"
1301973","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301973"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0753","reference_id":"CVE-2016-0753","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0753"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml","reference_id":"CVE-2016-0753.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml"},{"reference_url":"https://github.com/advisories/GHSA-543v-gj2c-r3ch","reference_id":"GHSA-543v-gj2c-r3ch","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-543v-gj2c-r3ch"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnera
bility":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true
,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-0753","GHSA-543v-gj2c-r3ch"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/V
CID-214c-rjny-9ud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178552?format=json","vulnerability_id":"VCID-2529-ucg8-dkgy","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allows execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70772","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70669","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00625","scoring_system":"
epss","scoring_elements":"0.70759","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_
textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921335","reference_id":"921335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921335"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857","reference_id":"CVE-2013-1857","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857"},{"reference_url":"https://github.com/advisories/GHSA-j838-vfpq-fmf2","reference_id":"GHSA-j838-vfpq-fmf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j838-vfpq-fmf2"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerabil
ity":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerabil
ity":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-1857","GHSA-j838-vfpq-fmf2","OSV-91454"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2529-ucg8-dkgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202850?format=json","vulnerability_id":"VCID-2b1z-1k24-kfb8","summary":"The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL 
database.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2013/02/06/7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/02/06/7"},{"reference_url":"http://openwall.com/lists/oss-security/2013/04/24/7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/04/24/7"},{"reference_url":"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3221","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65651","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65749","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65763","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3221"},{"reference_url":"https://cve.mitre.org/c
gi-bin/cvename.cgi?name=CVE-2013-3221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3221","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3221"},{"reference_url":"https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html","reference_id":"","reference_type":"","scores":[{"v
alue":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=954365","reference_id":"954365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=954365"},{"reference_url":"https://github.com/advisories/GHSA-f57c-hx33-hvh8","reference_id":"GHSA-f57c-hx33-hvh8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f57c-hx33-hvh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vu
lnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-3221","GHSA-f57c-hx33-hvh8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2b1z-1k24-kfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9082?format=json","vulnerability_id":"VCID-2s57-9frf-4qhk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I
:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"0.03338","scoring_system":"epss","scoring_elements":"0.87573","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03338","scoring_system":"epss","scoring_elements":"0.87621","published_at":"2026-06-13T12:55:00Z"},{"value":"0.03338","scoring_system":"epss","scoring_elements":"0.87615","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.co
m/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.4.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.4.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.0.3.7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.0.3.7"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml","reference_id":"","reference_type":"","scores":[{"
value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ"},{"reference_url":"https://hackerone.com/reports/1101125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1101125"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210805-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0009/"},{"refer
ence_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379","reference_id":"1961379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214","reference_id":"988214","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"},{"reference_url":"https://security.archlinux.org/AVG-1920","reference_id":"AVG-1920","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1920"},{"reference_url":"https://security.archlinux.org/AVG-1921","reference_id":"AVG-1921","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1921"},{"reference_url":"https://security.archlinux.org/AVG-2090","reference_id":"AVG-2090","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2090"},{"reference_url":"https://security.archlinux.org/AVG-2223","reference_id":"AVG-2223","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2223"},{"reference_url":"https://github.com/advisories/GHSA-7wjx-3g7j-8584","reference_id":"GHSA-7wjx-3g7j-8584","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7wjx-3g7j-8584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCI
D-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},
{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-22904","GHSA-7wjx-3g7j-8584"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15119?format=json","vulnerability_id":"VCID-2uka-fwza-dyfc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.85053","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84992","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.85044","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/c
gi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"va
lue":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin
/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800","reference_id":"2164800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115","reference_id":"82115","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"dsa-5372","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj","reference_id":"GHSA-p84v-45xj-wwqj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007/","reference_id":"ntap-20240202-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-2024
0202-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2023-22792","GHSA-p84v-45xj-wwqj","GMS-2023-58"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uka-fwza-dyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111937?format=json","vulnerability_id":"VCID-34kh-7cbr-s7b9","summary":"security 
update","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/07/02/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/07/02/5"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0877.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0877.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3483","reference_id":"","reference_type":"","scores":[{"value":"0.00924","scoring_system":"epss","scoring_elements":"0.7646","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00924","scoring_system":"epss","scoring_elements":"0.76545","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00924","scoring_system":"epss","scoring_elements":"0.7653","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
"},{"reference_url":"https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4"},{"reference_url":"https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341"},{"reference_url":"http://www.debian.org/security/2014/dsa-2982","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1114427","reference_id":"1114427","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1114427"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3483","reference_id":"CVE-2014-3483","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3483"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml","reference_id":"CVE-2014-3483.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml"},{"reference_url":"https://github.com/advisories/GHSA-r8fh-hq2p-7qhq","reference_id":"GHSA-r8fh-hq2p-7qhq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cv
ssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r8fh-hq2p-7qhq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0877","reference_id":"RHSA-2014:0877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0877"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073999?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerabil
ity":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1"}],"aliases":["CVE-2014-3483","GHSA-r8fh-hq2p-7qhq","OSV-108665"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34kh-7cbr-s7b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178547?format=json","vulnerability_id":"VCID-39m4-12ms-skh2","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0277","reference_id":"","reference_type":"","scores":[{"value":"0.06742","scoring_system":"epss","scoring_elements":"0.91529","published_at":"2026-06-13T12:55:00Z"},{"value":"0.06742","scoring_system":"epss","scoring_elements":"0.91491","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06742","scoring_system":"epss","scoring_elements":"0.91522","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277"},{"reference_url":"http://securitytracker.com/id?1028109","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1028109"},{"reference_url":"https://github.com/rails/rails/tree/v6.1.4.1/activerecord","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git
hub.com/rails/rails/tree/v6.1.4.1/activerecord"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2620","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2620"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/11/6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-securi
ty/2013/02/11/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909633","reference_id":"909633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909633"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0277","reference_id":"CVE-2013-0277","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0277"},{"reference_url":"https://puppet.com/security/cve/cve-2013-0277","reference_id":"CVE-2013-0277","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-0277"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml","reference_id":"CVE-2013-0277.YML","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml"},{"reference_url":"https://github.com/advisories/GHSA-fhj9-cjjh-27vm","reference_id":"GHSA-fhj9-cjjh-27vm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fhj9-cjjh-27vm"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"v
ulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"v
ulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-0277","GHSA-fhj9-cjjh-27vm","OSV-90073"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39m4-12ms-skh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11544?format=json","vulnerability_id":"VCID-3e1p-t61q-xfft","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23633","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49204","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49049","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"referen
ce_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_
id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released","reference_id":"","reference_type":"","scores":
[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240119-0013","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240119-0013"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240119-0013/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20240119-0013/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/02/11/5","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/02/11/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389","reference_id":"1005389","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063149","reference_id":"2063149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063149"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23633","reference_id":"CVE-2022-23633","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23633"},{"reference
_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml","reference_id":"CVE-2022-23633.YML","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml"},{"reference_url":"https://github.com/advisories/GHSA-wh98-p28r-vrc9","reference_id":"GHSA-wh98-p28r-vrc9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh98-p28r-vrc9"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9","reference_id":"GHSA-wh98-p28r-vrc9","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"}
,{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2022-23633","GHSA-wh98-p28r-vrc9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3e1p-t61q-xfft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20041?format=json","vulnerability_id":"VCID-3k19-3heq-dufq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68757","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68652","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68744","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-sc
ores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075","reference_id":"27121e80f6dbb260f5a9f0452cd8411cb681f075","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075"},{"reference_url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef","reference_id":"b0fe99fa854ec8ff4498e75779b458392d1560ef","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4
.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef"},{"reference_url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891","reference_id":"b1241f468d1b32235f438c2e2203386e6efd3891","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891"},{"reference_url":"https://access.redhat.com/security/cve/cve-2024-41128","reference_id":"cve-2024-41128","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_e
lements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://access.redhat.com/security/cve/cve-2024-41128"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128","reference_id":"CVE-2024-41128","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml","reference_id":"CVE-2024-41128.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml"},{"reference_url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd","reference_id":"fb493bebae1a9b83e494fe7edbf01f6167d606fd","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:
Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd"},{"reference_url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036","reference_id":"show_bug.cgi?id=2319036","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":
"https://bugzilla.redhat.com/show_bug.cgi?id=2319036"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-41128","GHSA-x76w-6vjr-8xgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3k19-3heq-dufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202582?format=json","vulnerability_id":"VCID-3nsx-u3u3-7fh7","summary":"The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source 
product.","references":[{"reference_url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts"},{"reference_url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/"},{"reference_url":"http://openwall.com/lists/oss-security/2013/01/03/12","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/01/03/12"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6497","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60998","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61104","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61112","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497"},{"reference_url":"https://github.com/binarylogic/authlogic","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/binarylogic/authlogic"},{"reference_url":"https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873","re
ference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873"},{"reference_url":"https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee"},{"reference_url":"https://github.com/binarylogic/authlogic/pull/341","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/binarylogic/authlogic/pull/341"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6497","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6497"},{"reference_url":"https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084"},{"reference_url":"https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/le
t_me_github_that_for_you/index.html"},{"reference_url":"https://github.com/advisories/GHSA-rx7j-mw4c-76g9","reference_id":"GHSA-rx7j-mw4c-76g9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rx7j-mw4c-76g9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jg
eh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2012-6497","GHSA-rx7j-mw4c-76g9","OSV-89064"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsx-u3u3-7fh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/493?format=json","vulnerability_id":"VCID-3qsf-qm7w-y7be","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:
N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577","reference_id":"","reference_type":"","scores":[{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.79462","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.7938","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.79447","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","refe
rence_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957","reference_id":"1301957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577","reference_id":"CVE-2015-7577","reference_type":"","scores":[{"value"
:"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml","reference_id":"CVE-2015-7577.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml"},{"reference_url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447","reference_id":"GHSA-xrr6-3pc4-m447","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-
t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url
":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2015-7577","GHSA-xrr6-3pc
4-m447"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qsf-qm7w-y7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178544?format=json","vulnerability_id":"VCID-3ser-nhqn-mbar","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERAT
E","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0155","reference_id":"","reference_type":"","scores":[{"value":"0.18174","scoring_system":"epss","scoring_elements":"0.9536","published_at":"2026-06-13T12:55:00Z"},{"value":"0.18174","scoring_system":"epss","scoring_elements":"0.95341","published_at":"2026-06-11T12:55:00Z"},{"value":"0.18174","scoring_system":"epss","scoring_elements":"0.95355","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id
":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://www.debian.org/security/2013/dsa-2609","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2609"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=892866","reference_id":"892866","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=892866"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0155","reference_id":"CVE-2013-0155","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0155"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml","reference_id":"CVE-2013-0155.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml"},{"reference_url":"https://github.com/advisories/GHSA-gppp-5xc5-wfpx","reference_id":"GHSA-gppp-5xc5-wfpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gppp-5xc5-wfpx"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redh
at.com/errata/RHSA-2013:0155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID
-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-0155","GHSA-gppp-5xc5-wfpx","OSV-89025"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ser-nhqn-mbar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196614?format=json","vulnerability_id":"VCID-4j57-xdw3-a7em","summary":"open 
redirect","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2021-22942","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2021-22942"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22942","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67822","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67923","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.6791","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://c
ve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/mas
ter/gems/actionpack/CVE-2021-22942.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22942","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22942"},{"reference_url":"https://rubygems.org/gems/actionpack","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/actionpack"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0005","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20240202-0005/"},{"reference_url":"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/
PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released"},{"reference_url":"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/12/14/5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/12/14/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995940","reference_id":"1995940","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995940"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586","reference_id":"992586","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586"},{"reference_url":"https://security.archlinux.org/AVG-2492","reference_id":"AVG-2492","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2492"},{"reference_url":"https://security.archlinux.org/AVG-2493","reference_id":"AVG-2493","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2493"},{"reference_url":"https://github.com/advisories/GHSA-2rqw-v265-jf8c","reference_id":"GHSA-2rqw-v265-jf8c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rqw-v265-jf8c"}],"fixed_packages":[{"url":"http://public2.
vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-22942","GHSA-2rqw-v265-jf8c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4j57-xdw3-a7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178535?format=json","vulnerability_id":"VCID-56hv-j97k-w3dr","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446","reference_id":"","reference_type":"","scores":[{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.71915","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.7183","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.71928","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cg
i-bin/cvename.cgi?name=CVE-2011-0446"},{"reference_url":"http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217"},{"reference_url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_te
xtual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446","reference_id":"CVE-2011-0446","reference_type":"","sc
ores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml","reference_id":"CVE-2011-0446.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml","reference_id":"CVE-2011-0446.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml"},{"reference_url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j","reference_id":"GHSA-75w6-p6mg-vh8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"}
,{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2011-0446","GHSA-75w6-p6mg-vh8j"],"risk_score":3.
1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178536?format=json","vulnerability_id":"VCID-58mv-ca6x-ruh8","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0447","reference_id":"","reference_type":"","scores":[{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.7738","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elemen
ts":"0.77309","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.77395","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447"},{"reference_url":"http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034"},{"reference_url":"https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060","refere
nce_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025060","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025060"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0447","reference_id":"CVE-2011-0447","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0447"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-
2011-0447.yml","reference_id":"CVE-2011-0447.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml"},{"reference_url":"https://github.com/advisories/GHSA-24fg-p96v-hxh8","reference_id":"GHSA-24fg-p96v-hxh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-24fg-p96v-hxh8"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4
-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2011-0447","GHSA-24fg-p96v-hxh8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58mv-ca6x-ruh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109434?format=json","vulnerability_id":"VCID-6rc5-9gn7-tbbv","summary":"security 
update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/8"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081","reference_id":"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75889","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75974","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75961","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4"},{"reference_url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782"},{"reference_url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647"},{"reference_url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ","reference_id":"","reference_type"
:"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065520","reference_id":"1065520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065520"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081","reference_id":"CVE-2014-0081","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml","reference_id":"CVE-2014-0081.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml","reference_id":"CVE-2014-0081.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml"},{"reference_url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83","reference_id":"GHSA-m46p-ggm5-5j83","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0215","reference_id":"RHSA-2014:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0306","reference_id":"RHSA-2014:0306","reference_type":"","scores":[],"url":"https://access.redha
t.com/errata/RHSA-2014:0306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-
resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2014-0081","GHSA-m46p-ggm5-5j83","OSV-103439"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rc5-9gn7-tbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111935?format=json","vulnerability_id":"VCID-74g9-svkp-h3f1","summary":"security 
update","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/07/02/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/07/02/5"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0876.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0876.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3482","reference_id":"","reference_type":"","scores":[{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.8172","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81791","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.81782","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b","reference_id":"","refer
ence_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI"},{"reference_url":"http://www.debian.org/security/2014/dsa-2982","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1114425","reference_id":"1114425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1114425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3482","reference_id":"CVE-2014-3482","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3482"},{"reference_url":"https://github.com/advisories/GHSA-mhwp-qhpc-h3jm","reference_id":"GHSA-mhwp-qhpc-h3jm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhwp-qhpc-h3jm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0876","reference_id":"RHSA-2014:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073999?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulner
ability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.i
o/packages/pkg:deb/debian/rails@2:4.1.8-1"}],"aliases":["CVE-2014-3482","GHSA-mhwp-qhpc-h3jm","OSV-108664"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74g9-svkp-h3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15151?format=json","vulnerability_id":"VCID-7659-nqt4-cyes","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23913","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4313","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43308","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43288","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"referenc
e_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23913","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23913"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240605-0007","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240605-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182160","ref
erence_id":"2182160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182160"},{"reference_url":"https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd","reference_id":"5037a13614d71727af8a175063bcf6ba1a74bdbd","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468","reference_id":"82468","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263","reference_id":"bugreport.cgi?bug=1033263","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263"},{"reference_url":"https://www.debian.org/security/2023/ds
a-5389","reference_id":"dsa-5389","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://www.debian.org/security/2023/dsa-5389"},{"reference_url":"https://github.com/advisories/GHSA-xp5h-f8jf-rc8q","reference_id":"GHSA-xp5h-f8jf-rc8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp5h-f8jf-rc8q"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240605-0007/","reference_id":"ntap-20240605-0007","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240605-0007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"
VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2023-23913","GHSA-xp5h-f8jf-rc8q"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7659-nqt4-cyes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200249?format=json","vulnerability_id":"VCID-7b9s-j981-audq","summary":"actionpack Cross-site Scripting vulnerability","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56614","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56495","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56628","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual
","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77"},{"reference_url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200","reference_id":"847200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465","reference_id":"CVE-2012-3465","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465"},{"reference_url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5","reference_id":"GHSA-7g65-ghrg-hpf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elemen
ts":""}],"url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnera
bility":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2012-3465","GHSA-7g65-ghrg-hpf5","OSV-84513"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7b9s-j981-audq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8675?format=json","vulnerability_id":"VCID-873z-9zhz-3fhg","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json","reference_id":"","reference_type":"","scores"
:[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5267","reference_id":"","reference_type":"","scores":[{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.76001","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75987","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75916","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scorin
g_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/03/19/1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/03/19/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831528","reference_id":"1831528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831528"},{"reference_url":"https://bugs.debian.org/cg
i-bin/bugreport.cgi?bug=954304","reference_id":"954304","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5267","reference_id":"CVE-2020-5267","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5267"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml","reference_id":"CVE-2020-5267.YML","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml"},{"reference_url":"https://github.com/advisories/GHSA-65cv-r6x7-79hv","reference_id":"GHSA-65cv-r6x7-79hv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-65cv-r6x7-79hv"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv","reference_id":"GHSA-65cv-r6x7-79hv","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"}],"fixed_packages":[{"url":"http://public2.vulnerableco
de.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-5267","GHSA-65cv-r6x7-79hv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-873z-9zhz-3fhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9073?format=json","vulnerability_id":"VCID-8ajf-ebxr-7bgf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22880","reference_id":"","reference_type":"","scores":[{"value":"0.02599","scoring_system":"epss","scoring_elements":"0.85936","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02599"
,"scoring_system":"epss","scoring_elements":"0.85996","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02599","scoring_system":"epss","scoring_elements":"0.85986","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gith
ub.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI"},{"reference_url":"https://hackerone.com/reports/1023899","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1023899"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedorapr
oject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22880"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210805-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0009/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4929","reference_id":"","reference_type":"","scores":[{"v
alue":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930102","reference_id":"1930102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930102"},{"reference_url":"https://github.com/advisories/GHSA-8hc4-xxm3-5ppp","reference_id":"GHSA-8hc4-xxm3-5ppp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hc4-xxm3-5ppp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-
nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-22880","GHSA-8hc4-xxm3-5ppp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ajf-ebxr-7bgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/188712?format=json","vulnerability_id":"VCID-94u9-8r8a-rufw","summary":"security 
update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8162","reference_id":"","reference_type":"","scores":[{"value":"0.01549","scoring_system":"epss","scoring_elements":"0.81881","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01549","scoring_system":"epss","scoring_elements":"0.8182","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01549","scoring_system":"epss","scoring_elements":"0.81891","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],
"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://github.com/aws/aws-sdk-ruby","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aws/aws-sdk-ruby"},{"reference_url":"https://github.com/aws/aws-sdk-ruby/issues/2098","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aws/aws-sdk-ruby/issues/2098"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ"},{"reference_url":"https://hackerone.com/reports/789579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/789579"},{"reference_url":"https://bugzilla.redhat.com/s
how_bug.cgi?id=1843005","reference_id":"1843005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8162","reference_id":"CVE-2020-8162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8162"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml","reference_id":"CVE-2020-8162.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml"},{"reference_url":"https://github.com/advisories/GHSA-m42x-37p3-fv5w","reference_id":"GHSA-m42x-37p3-fv5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m42x-37p3-fv5w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulne
rability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb
8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-8162","GHSA-m42x-37p3-fv5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94u9-8r8a-rufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178542?format=json","vulnerability_id":"VCID-9c9c-jwz1-zycr","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"ur
l":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2932","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74781","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74698","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74769","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2932"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731435","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932"},{"reference_url":"http://secunia.com/advisories/45917","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45917"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann
-rails-3-1-0-rc6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2932","reference_id":"CVE-2011-2932","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2932"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml"
,"reference_id":"CVE-2011-2932.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml"},{"reference_url":"https://github.com/advisories/GHSA-9fh3-vh3h-q4g3","reference_id":"GHSA-9fh3-vh3h-q4g3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fh3-vh3h-q4g3"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"
},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2011-2932","GHSA-9fh3-vh3h-q4g3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9c9c-jwz1-zycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178545?format=json","vulnerability_id":"VCID-9cgs-zd4y-2qdz","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99709","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.9971","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156"},{"reference_url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156"},{"reference_url":"htt
ps://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain"},{"reference_url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156"},{"reference_url":"http://weblog.rubyonrails.org/2013
/1/28/Rails-3-0-20-and-2-3-16-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2604","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2604"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.insinuator.net/2013/01/rails-yaml"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml/","reference_id":"","reference_type":"","scores":[],"url":"http://www.insinuator.net/2013/01/rails-yaml/"},{"reference_url":"http://www.kb.cert.org/vuls/id/380039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/380039"},{"reference_url":"http://www.kb.cert.org/vuls/id/628463","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/628463"},{"reference_url":"https://bugs.debian.org/cg
i-bin/bugreport.cgi?bug=697722","reference_id":"697722","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=892870","reference_id":"892870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=892870"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156","reference_id":"CVE-2013-0156","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/","reference_id":"CVE-2013-0156","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb"},{"reference_url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg","reference_id":"GHSA-jmgw-6vjg-jjwg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0153","reference_id":"RHSA-2013:0153",
"reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-
2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-0156","GHSA-jmgw-6vjg-jjwg","OSV-89026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cgs-zd4y-2qdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200338?format=json","vulnerability_id":"VCID-9j8b-jg5m-1kgk","summary":"activesupport Cross-site Scripting 
vulnerability","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1098","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59838","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59718","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59826","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799275","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098"},{"reference_url":"https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-
6156f8cec254c1236b4a4eceb04df3d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml"},{"reference_url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/02/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/03/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/03/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1098","reference_id":"CVE-2012-1098","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1098"},{"reference_url":"https://github.com/advisories/GHSA-qv8p-v9qw-wc7g","reference_id":"GHSA-qv8p-v9qw-wc7g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qv8p-v9qw-wc7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affe
cted_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerabilit
y":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2012-1098","GHSA-qv8p-v9qw-wc7g","OSV-79726"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8b-jg5m-1kgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181754?format=json","vulnerability_id":"VCID-9m63-rwun-nubx","summary":"security update","references":[{"reference_url":"http://openwall.com/lists/oss-security/2015/06/16/17","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/06/16/17"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3226","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43789","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43964","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43944","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"htt
ps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pc
k3hU/3QZrGIaQW6cJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU"},{"reference_url":"https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ"},{"reference_url":"https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231"},{"reference_url":"https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232310","reference_id":"1232310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486","reference_id":"790486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3226","reference_id":"CVE-2015-3226","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3226"},{"reference_url":"https://github.com/advisories/GHSA-vxvp-4xwc-jpp6","reference_id":"GHSA-vxvp-4xwc-jpp6","reference_type":"","scores":[{"value":"MODERATE","scoring_s
ystem":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxvp-4xwc-jpp6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCI
D-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VC
ID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2015-3226","GHSA-vxvp-4xwc-jpp6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9m63-rwun-nubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109436?format=json","vulnerability_id":"VCID-a6dm-ywkf-wkgh","summary":"security update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/10"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://access.redhat.com/hydra/rest/
securitydata/cve/CVE-2014-0082.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0082","reference_id":"","reference_type":"","scores":[{"value":"0.06456","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-06-13T12:55:00Z"},{"value":"0.06456","scoring_system":"epss","scoring_elements":"0.91278","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06456","scoring_system":"epss","scoring_elements":"0.91308","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc"},{"reference_url":"https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elemen
ts":""}],"url":"https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065538","reference_id":"1065538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065538"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0082","reference_id":"CVE-2014-0082","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0082"},{"reference_url":"https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082","reference_id":"CVE-2014-0082","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml","reference_id":"CVE-2014-0082.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml"},{"reference_url":"https://github.com/advisories/GHSA-7cgp-c3g7-qvrw","reference_id":"GHSA-7cgp-c3g7-qvrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cgp-c3g7-qvrw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0215","reference_id":"RHSA-2014:0215","reference_type":"","scores":[],
"url":"https://access.redhat.com/errata/RHSA-2014:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0306","reference_id":"RHSA-2014:0306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulner
ability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2014-0082","GHSA-7cgp-c3g7-qvrw","OSV-103440"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6dm-ywkf-wkgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=json","vulnerability_id":"VCID-a8d2-vazh-gqbz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5419","reference_id":"","reference_type":"","scores":[{"value":"0.12118","scoring_system":"epss","scoring_elements":"0.93991","published_at":"2026-06-13T12:55:00Z"},{"value":"0.12118","scoring_system":"epss","scoring_elements":"0.93985","published_at":"2026-06-12T12:55:00Z"},{"value":"0.12118","scoring_system":"epss","scoring_elements":"0.93966","publi
shed_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715"},{"reference_url":"https://github.com/rails/rails/pull/35708","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/pull/35708"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/U
I:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"},{"reference_url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689160","reference_id":"1689160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689160"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520","reference_id":"924520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5419","reference_id":"CVE-2019-5419","reference_type":"","scores":[{"value":"7.5","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5419"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml","reference_id":"CVE-2019-5419.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml"},{"reference_url":"https://github.com/advisories/GHSA-m63j-wh5w-c252","reference_id":"GHSA-m63j-wh5w-c252","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m63j-wh5w-c252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0796","reference_id":"RHSA-2019:0796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1147","reference_id":"RHSA-2019:1147","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1149","reference_id":"RHSA-2019:1149","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"h
ttps://access.redhat.com/errata/RHSA-2019:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1289","reference_id":"RHSA-2019:1289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1289"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability
":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"}],"aliases":["CVE-2019-5419","GHSA-m63j-wh5w-c252"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8d2-vazh-gqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7113?format=json","vulnerability_id":"VCID-abxz-4rbx-zfhe","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5420","reference_id":"","reference_type":"","scores":[{"value":"0.93513","scoring_system":"epss","scoring_elements":"0.99836","published_at":"2026-06-13T12:55:00Z"},{"value":"0.93513","scoring_system":"epss","scoring_elements":"0.99835","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420"},{"reference_
url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"},{"reference_url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://www.exploit-db.com/exploits/46785","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46785"},{"reference_url":"https://www.exploit-db.com/exploits/46785/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46785/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689154","reference_id":"1689154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689154"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521","reference_id":"924521","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb","reference_id":"CVE-2019-5420","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5420","reference_id":"CVE-2019-5420","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5420"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb","reference_id":"CVE-2019-5420","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb"},{"reference_url":"https://github.com/rubysec
/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml","reference_id":"CVE-2019-5420.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml"},{"reference_url":"https://github.com/advisories/GHSA-m42h-mh85-4qgc","reference_id":"GHSA-m42h-mh85-4qgc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m42h-mh85-4qgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mx
v-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"}],"aliases":["CVE-2019-5420","GHSA-m42h-mh85-4qgc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abxz-4rbx-zfhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8773?format=json","vulnerability_id":"VCID-ajy4-eqvj-4ydd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8167","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62959","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62845","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62947","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.
org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g
/rubyonrails-security/c/x9DixQDG9a0"},{"reference_url":"https://hackerone.com/reports/189878","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/189878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843084","reference_id":"1843084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843084"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8167","reference_id":"CVE-2020-8167","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8167"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml","reference_id":"CVE-2020-8167.YML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml"},{"reference_url":"https://github.com/advisories/GHSA-xq5j-gw7f-jgj8","reference_id":"GHSA-xq5j-gw7f-jgj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xq5j-gw7f-jgj8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%
2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7h
c"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-8167","GHSA-xq5j-gw7f-jgj8"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajy4-eqvj-4ydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/997?format=json","vulnerability_id":"VCID-akcz-6jhs-7bdq","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","refere
nce_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2097","reference_id":"","reference_type":"","scores":[{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.83693","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.83751","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.8376","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_sys
tem":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4"},{"reference_url":"https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122"},{"reference_url":"https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archi
ve.org/web/20200228015320/http://www.securityfocus.com/bid/83726"},{"reference_url":"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3509","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310043","reference_id":"1310043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310043"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2097","reference_id":"CVE-2016-2097","reference_type":"","scores":[{"value":"5.3"
,"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2097"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml","reference_id":"CVE-2016-2097.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml","reference_id":"CVE-2016-2097.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml"},{"reference_url":"https://github.com/advisories/GHSA-vx9j-46rh-fqr8","reference_id":"GHSA-vx9j-46rh-fqr8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vx9j-46rh-fqr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0456","reference_id":"RHSA-2016:0456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0456"}],"fixed_pac
kages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability"
:"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability
":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-2097","GHSA-vx9j-46rh-fqr8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200096?format=json","vulnerability_id":"VCID-arbz-y6ud-mbap","summary":"activesupport Cross-site Scripting vulnerability","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3464","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48166","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48028","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48183","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-346
4"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce"},{"reference_url":"https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23"},{"reference_url":"https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870"},{"reference_url":"https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc"},{"reference_url":"https://github.com/rails/rails/issues/7215","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/issues/7215"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/
rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847199","reference_id":"847199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847199"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3464","reference_id":"CVE-2012-3464","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3464"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml","reference_id":"CVE-2012-3464.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml"},{"reference_url":"https://github.com/advisories/GHSA-h835-75hw-pj89","reference_id":"GHSA-h835-75hw-pj89","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h835-75hw-pj89"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","pur
l":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da7
9-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2012-3464","GHSA-h835-75hw-pj89","OSV-84516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arbz-y6ud-mbap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181755?format=json","vulnerability_id":"VCID-av5v-ktz7-9ybf","summary":"security update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html"},{"reference_url":"http://openwall.com/lists/oss-security/2015/06/16/16","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/06/16/16"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3227","reference_id":"","reference_type":"","scores":[{"value":"0.02683","scoring_system":"epss","scoring_elements":"0.86176","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02683","scoring_system":"epss","scoring_elements":"0.86237","publ
ished_at":"2026-06-13T12:55:00Z"},{"value":"0.02683","scoring_system":"epss","scoring_elements":"0.86226","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3"},{"reference_url":"https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680"},{"reference_url":"https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk"},{"reference_url":"https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234"},{"reference_url":"https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755","reference_id":"","reference_type":"","scores"
:[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232302","reference_id":"1232302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232302"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487","reference_id":"790487","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3227","reference_id":"CVE-2015-3227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3227"},{"reference_url":"https://github.com/advisories/GHSA-j96r-xvjq-r9pg","reference_id":"GHSA-j96r-xvjq-r9pg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j96r-xvjq-r9pg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqv
j-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xd
w3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2015-3227","GHSA-j96r-xvjq-r9pg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av5v-ktz7-9ybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199875?format=json","vulnerability_id":"VCID-ayfj-arqs-5khk","summary":"actionpack vulnerable to Path 
Traversal","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7818","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44916","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44766","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44931","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1161499","reference_id":"1161499","reference_ty
pe":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1161499"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934","reference_id":"770934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7818","reference_id":"CVE-2014-7818","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7818"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml","reference_id":"CVE-2014-7818.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml"},{"reference_url":"https://puppet.com/security/cve/cve-2014-7829","reference_id":"CVE-2014-7829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2014-7829"},{"reference_url":"https://github.com/advisories/GHSA-29gr-w57f-rpfw","reference_id":"GHSA-29gr-w57f-rpfw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29gr-w57f-rpfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073999?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-d
ufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1"}],"aliases":["CVE-2014-7818","GHSA-29gr-w57f-rpfw"],"risk_score
":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayfj-arqs-5khk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8771?format=json","vulnerability_id":"VCID-b8tc-n7vg-wkdd","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8165","reference_id":"","reference_type":"","scores":[{"value":"0.90128","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-06-11T12:55:00Z"},{"value":"0.90128","scoring_system":"epss","scoring_elements":"0.99607","published_at":"2026-06-12T12:55:00Z"},{"value":"0.90128","scoring_system":"epss","scoring_elements":"0.99608","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8165"},{"reference_url":"https://cve.mitr
e.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c"},{"reference_url":"https://grou
ps.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"},{"reference_url":"https://hackerone.com/reports/413388","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/413388"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250509-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250509-0002"},{"reference_url":"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released","reference_id":"","r
eference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843072","reference_id":"1843072","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843072"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8165","reference_id":"CVE-2020-8165","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8165"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml","reference_id":"CVE-2020-8165.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml"},{"reference_url":"https://github.com/advisories/GHSA-2p68-f74v-9wc6","reference_id":"GHSA-2p68-f74v-9wc6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p68-f74v-9wc6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilitie
s":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability
":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-8165","GHSA-2p68-f74v-9wc6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tc-n7vg-wkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=json","vulnerability_id":"VCID-bqps-e1sm-xkhe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8166","reference_id":"","reference_type":"","scores":[{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63861","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63847","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"htt
ps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L
/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843152","reference_id":"1843152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843152"},{"reference_url":"https://hackerone.com/reports/732415","reference_id":"732415","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/"}],"url":"https://hackerone.com/reports/732415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8166","reference_id":"CVE-2020-8166","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8166"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml","reference_id":"CVE-2020-8166.YML","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml"},{"reference_url":"https://www.debian.org/security/2020/dsa-4766","reference_id":"dsa-4766","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Tra
ck","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/"}],"url":"https://www.debian.org/security/2020/dsa-4766"},{"reference_url":"https://github.com/advisories/GHSA-jp5v-5gx4-jmj9","reference_id":"GHSA-jp5v-5gx4-jmj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp5v-5gx4-jmj9"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw","reference_id":"NOjKiGeXUgw","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/"}],"url":"https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerabil
ity":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u
2"}],"aliases":["CVE-2020-8166","GHSA-jp5v-5gx4-jmj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqps-e1sm-xkhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=json","vulnerability_id":"VCID-bz3f-a6me-a3hh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5418","reference_id":"","reference_type":"","scores":[{"value":"0.94318","scoring_system":"epss","scoring_elements":"0.99953","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"},{"reference_url":"ht
tps://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://weblog.rubyonrails.org
/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418"},{"reference_url":"https://www.exploit-db.com/exploits/46585","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46585"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/03/22/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/03/22/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689159","reference_id":"1689159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689159"},{"reference_url":"https://www.exploit
-db.com/exploits/46585/","reference_id":"46585","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://www.exploit-db.com/exploits/46585/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520","reference_id":"924520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py","reference_id":"CVE-2019-5418","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5418","reference_id":"CVE-2019-5418","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5418"},{"reference_url":"https://github.com/advisories/GHSA-86g5-2wh3-gc9j","reference_id":"GHSA-86g5-2wh3-gc9j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86g5-2wh3-gc9j"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSV
Cv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html","reference_id":"msg00042.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"},{"reference_url":"https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q","reference_id":"pFRKI96Sm8Q","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q"},{"reference_url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/","reference_id":"Rails-4-2-5-1-5-1-6-2-have-been-released","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"},{"reference_url":"http://packetstormsecurity.
com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html","reference_id":"Rails-5.2.1-Arbitrary-File-Content-Disclosure.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0796","reference_id":"RHSA-2019:0796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1147","reference_id":"RHSA-2019:1147","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1149","reference_id":"RHSA-2019:1149
","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1289","reference_id":"RHSA-2019:1289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1289"},{"reference_url":"https://usn.ubuntu.com/7646-1/","reference_id":"USN-7646-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7646-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","reference_id":"Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%
2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"}],"aliases":["CVE-2019-5418","GHSA-86g5-2wh3-gc9j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3f-a6me-a3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12054?format=json","vulnerability_id":"VCID-c7qj-hcu8-p7hc","summary":"","references":[{"reference_url":"ht
tps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32224","reference_id":"","reference_type":"","scores":[{"value":"0.01944","scoring_system":"epss","scoring_elements":"0.83831","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01944","scoring_system":"epss","scoring_elements":"0.83896","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01944","scoring_system":"epss","scoring_elements":"0.83887","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a","reference_id":"","reference_ty
pe":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a"},{"reference_url":"https://github.com/rails/rails/commits/main/activerecord","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commits/main/activerecord"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140","reference_id":"1016140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108997","reference_id":"2108997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108997"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32224","reference_id":"CVE-2022-32224","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32224"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml","reference_id":"CVE-2022-32224.YML","reference_type
":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml"},{"reference_url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j","reference_id":"GHSA-3hhc-qp5v-9p2j","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/"}],"url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"},{"reference_url":"https://security.gentoo.org/glsa/202408-24","reference_id":"GLSA-202408-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-24"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U","reference_id":"MmFO3LYQE8U","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/"}],"url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.co
m/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2022-32224","GHSA-3hhc-qp5v-9p2j","GMS-2022-3029"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7qj-hcu8-p7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20939?format=json","vulnerability_id":"VCID-c9r4-ps21-fked","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47888","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65314","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65425","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.
65414","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319035","reference_id":"2319035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319035"},{"reference_url":"https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468","reference_id":"4f4312b21a6448336de7c7ab0c4d94b378def468","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/"}],"url":"https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468"},{"reference_url":"https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822"
,"reference_id":"727b0946c3cab04b825c039435eac963d4e91822","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/"}],"url":"https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822"},{"reference_url":"https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e","reference_id":"ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/"}],"url":"https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47888","reference_id":"CVE-2024-47888","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47888"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml","reference_id":"CVE-2024-47888.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml"},{"reference_url":"https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5","reference_id":"de0df7caebd9cb238a6f10dca462dc5f8d5e98b5","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elem
ents":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/"}],"url":"https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5"},{"reference_url":"https://github.com/advisories/GHSA-wwhv-wxv9-rpgw","reference_id":"GHSA-wwhv-wxv9-rpgw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wwhv-wxv9-rpgw"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw","reference_id":"GHSA-wwhv-wxv9-rpgw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-47888","GHSA-wwhv-wxv9-rpgw"],"risk_score":3.1,"exploitability":"0.5","weighted_severi
ty":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9r4-ps21-fked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12570?format=json","vulnerability_id":"VCID-cvs8-ejdv-uqhy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81785","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81854","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81846","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/com
mit/4f44aa9d514e701ada92b5cf08beccf566eeaebf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf"},{"reference_url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/act
iverecord/CVE-2022-44566.yml"},{"reference_url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid"},{"reference_url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://code.jer
emyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html","reference_id":"2022-11-01-forcing-sequential-scans-on-postgresql.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789","reference_id":"2164789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119","reference_id":"82119","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119"},{"reference_url":"https://github.com/advisories/GHSA-579w-22j4-4749","reference_id":"GHSA-579w-22j4-4749","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-579w-22j4-4749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdf
sg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2022-44566","GHSA-579w-22j4-4749","GMS-2023-59"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvs8-ejdv-uqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/492?format=json","vulnerability_id":"VCID-d7kf-83av-dkes","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:
N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576","reference_id":"","reference_type":"","scores":[{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78726","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78644","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78709","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-b
in/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd"},
{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":""},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k"},{"reference_url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/8","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{
"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301933","reference_id":"1301933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301933"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576","reference_id":"CVE-2015-7576","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml","reference_id":"CVE-2015-7576.YML","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml"},{"reference_url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg","reference_id":"GHSA-p692-7mm3-3fxg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{
"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp
7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u
15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2015-7576","GHSA-p692-7mm3-3fxg"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7kf-83av-dkes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209646?format=json","vulnerability_id":"VCID-ez3g-ygna-jkb8","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22794","reference_id":"","reference_type":"","scores":[{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90663","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90692","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.907","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?
name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"
url":"https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22794","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"gene
ric_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22794"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0008","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0008"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0008/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20240202-0008/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164785","reference_id":"2164785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164785"},{"reference_url":"https://github.com/advisories/GHSA-hq7p-j377-6v63","reference_id":"GHSA-hq7p-j377-6v63","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq7p-j377-6v63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerabil
ity":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2023-22794","GHSA-hq7p-j377-6v63","GMS-2023-60"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ez3g-ygna-jkb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208116?format=json","vulnerability_id":"VCID-fhjg-crvh-myhd","summary":"In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode, allowing an attacker to send or embed (in another page) a specially crafted URL that can allow the attacker to execute JavaScript in the context of the local application. 
This vulnerability is in the Actionable Exceptions middleware.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8264.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8264.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8264","reference_id":"","reference_type":"","scores":[{"value":"0.0205","scoring_system":"epss","scoring_elements":"0.8424","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0205","scoring_system":"epss","scoring_elements":"0.84295","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0205","scoring_system":"epss","scoring_elements":"0.84304","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-secu
rity/c/yQzUVfv42jk"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ"},{"reference_url":"https://hackerone.com/reports/904059","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/904059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8264","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886554","reference_id":"1886554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886554"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988","reference_id":"971988","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988"},{"reference_url":"https://github.com/advisories/GHSA-35mm-cc6r-8fjp","reference_id":"GHSA-35mm-cc6r-8fjp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35mm-cc6r-8fjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities"
:[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-8264","GHSA-35mm-cc6r-8fjp"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhjg-crvh-myhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15120?format=json","vulnerability_id":"VCID-fnx8-28wd-qqgx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.80176","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.80254","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_ele
ments":"0.80238","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?na
me=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"},{"reference_url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"},{"reference_url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"},{"reference_url":"htt
ps://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799","reference_id":"2164799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799"},{"reference_url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv","reference_id":"GHSA-8xww-x3g3-6jcv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"
url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2023-22795","GHSA-8xww-x3g3-6jcv","GMS-2023-56"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178548?format=json","vulnerability_id":"VCID-fu6v-k8cg-d3c7","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0201.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0201.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0202.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0202.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0203.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0203.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0201","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0202","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0203","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_syst
em":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0203"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0333","reference_id":"","reference_type":"","scores":[{"value":"0.91761","scoring_system":"epss","scoring_elements":"0.99702","published_at":"2026-06-12T12:55:00Z"},{"value":"0.91761","scoring_system":"epss","scoring_elements":"0.99701","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=903440","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=903440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"gener
ic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2613","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2613"},{"reference_url":"http://www.kb.cert.org/vuls/id/628463","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/628463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226","reference_id":"699226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0333","reference_id":"CVE-2013-0333","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0333"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0333","reference_id":"CVE-2013-0333","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0333"},{"reference_url":"https://puppet.com/security/cve/cve-2013-0333","reference_id":"CVE-2013-0333","reference_type":"","scores":[{"value":"HIGH","scoring_system":"gen
eric_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-0333"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb","reference_id":"CVE-2013-0333;OSVDB-89594","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml","reference_id":"CVE-2013-0333.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml"},{"reference_url":"https://github.com/advisories/GHSA-xgr2-v94m-rc9g","reference_id":"GHSA-xgr2-v94m-rc9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgr2-v94m-rc9g"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3
fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-0333","GHSA-xgr2-v94m-rc9g","OSV-89594"],"risk_score":10.0,"exploitability":"2.
0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu6v-k8cg-d3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1682?format=json","vulnerability_id":"VCID-g6pk-2xpv-rugw","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hyd
ra/rest/securitydata/cve/CVE-2016-6316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82348","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82338","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82277","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE"},{"reference_url":"https://web.archive.org/web/20200
227202008/http://www.securityfocus.com/bid/92430","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3651","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3651"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365008","reference_id":"1365008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_b
ug.cgi?id=1365008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155","reference_id":"834155","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316","reference_id":"CVE-2016-6316","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316"},{"reference_url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316","reference_id":"CVE-2016-6316","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml","reference_id":"CVE-2016-6316.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml"},{"reference_url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj","reference_id":"GHSA-pc3m-v286-2jwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1855","reference_id":"RHSA-2016:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1855"},{"reference_url":"https://access.r
edhat.com/errata/RHSA-2016:1856","reference_id":"RHSA-2016:1856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1857","reference_id":"RHSA-2016:1857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1858","reference_id":"RHSA-2016:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fq
aa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-j
kb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-6316","GHSA-pc3m-v286-2jwj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6pk-2xpv-rugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15121?format=json","vulnerability_id":"VCID-gujm-trnh-fqaa","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22796","reference_id":"","reference_type":"","scores":[{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81492","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81484","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01484","s
coring_system":"epss","scoring_elements":"0.81424","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cv
e.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8"},{"reference_url":"https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml","reference_id":"","reference_type":"","scores"
:[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22796","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22796"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164736","reference_id":"2164736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164736"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116","reference_id":"82116","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"dsa-5372","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/"}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://githu
b.com/advisories/GHSA-j6gc-792m-qgm2","reference_id":"GHSA-j6gc-792m-qgm2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6gc-792m-qgm2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0009/","reference_id":"ntap-20240202-0009","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4341","reference_id":"RHSA-2023:4341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packag
es/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2023-22796","GHSA-j6gc-792m-qgm2","GMS-2023-61"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gujm-trnh-fqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178543?format=json","vulnerability_id":"VCID-gxj4-um99-mbg4","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3186","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74715","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.748","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74787","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=732156","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=732156"},{"r
eference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"},{"reference_url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g"},{"reference_url":"https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","referenc
e_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3186","reference_id":"CVE-2011-3186","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln
/detail/CVE-2011-3186"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml","reference_id":"CVE-2011-3186.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml"},{"reference_url":"https://github.com/advisories/GHSA-fcqf-h4h4-695m","reference_id":"GHSA-fcqf-h4h4-695m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcqf-h4h4-695m"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e
1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2011-3186","GHSA-fcqf-h4h4-695m","OSV-74616"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxj4-um99-mbg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15324?format=json","vulnerability_id":"VCID-h6gd-uea5-u3bp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system"
:"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28362","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43064","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4324","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43222","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23"},{"reference_url":"https://github.com/rubyse
c/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28362","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28362"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250502-0009","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250502-0009"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058","reference_id":"1051058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058"},{"reference_url":"https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441","reference_id":"1c3f93d1e90a3475f9ae2377ead25ccf11f71441","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/rails/rails/commit/1c3f93d1e
90a3475f9ae2377ead25ccf11f71441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217785","reference_id":"2217785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217785"},{"reference_url":"https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5","reference_id":"69e37c84e3f77d75566424c7d0015172d6a6fac5","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132","reference_id":"83132","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":""},{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132"},{"reference_url":"https://github.com/advisories/GHSA-4g8v-vg43-wpgf","reference_id":"GHSA-4g8v-vg43-wpgf","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elem
ents":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/advisories/GHSA-4g8v-vg43-wpgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7851","reference_id":"RHSA-2023:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2023-28362","GHSA-4g8v-vg43-wpgf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gd-uea5-u3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/739?format=json","vulnerability_id":"VCID-hfz8-rhgw-hydt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"0.90494","scoring_system":"epss","scoring_elements":"0.99629","published_at":"2026-06-13T12:55:00Z"},{"value":"0.90494","scoring_system":"epss","scoring_elements":"0.99628","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org
/data/v1/epss?cve=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/r
ubyonrails-security/335P1DcLG00","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"},{"reference_url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801"},{"reference_url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"},{"reference_url":"https://www.exploit-db.com/exploits/40561","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40561"},{"reference_url":"http://www.securitytracker.com/id/1034816","reference_id":"1034816","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securitytracker.com/id/1034816"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/13","reference_id":"13","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301963","reference_id":"1301963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301963"},{"reference_url
":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html","reference_id":"178044.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html","reference_id":"178069.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"},{"reference_url":"https://www.exploit-db.com/exploits/40561/","reference_id":"40561","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://www.exploit-db.com/exploits/40561/"},{"reference_url":"http://www.securityfocus.com/bid/81801","reference_id":"81801","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1
","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securityfocus.com/bid/81801"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb","reference_id":"CVE-2016-0752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752","reference_id":"CVE-2016-0752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml","reference_id":"CVE-2016-0752.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml","reference_id":"CVE-2016-0752.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"dsa-3464","reference_type":""
,"scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7","reference_id":"GHSA-xrr4-p6fq-hjg7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"JXcBnTtZEgAJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"
value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"msg00043.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"msg00053.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"RHSA-2016-0296.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{
"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID
-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCI
D-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-0752","GHSA-xrr4-p6fq-hjg7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfz8-rhgw-hydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178546?format=json","vulnerability_id":"VCID-hh3w-dxkg-8ygx","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0276","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70134","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70238","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70224","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgr
oups=#!topic/rubyonrails-security/AFBKNY7VSH8"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896"},{"reference_url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2620","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2620"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/11/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","
scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/11/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909528","reference_id":"909528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909528"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0276","reference_id":"CVE-2013-0276","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0276"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml","reference_id":"CVE-2013-0276.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml"},{"reference_url":"https://github.com/advisories/GHSA-gr44-7grc-37vq","reference_id":"GHSA-gr44-7grc-37vq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gr44-7grc-37vq"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0686","reference_id":"RHSA-2013:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0686"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vul
nerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vul
nerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-0276","GHSA-gr44-7grc-37vq","OSV-90072"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hh3w-dxkg-8ygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15312?format=json","vulnerability_id":"VCID-jgeh-r771-5fcf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28120","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61525","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61637","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61629","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N
/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28120","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28120"},{"reference_url":"https://secu
rity.netapp.com/advisory/ntap-20240202-0006","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262","reference_id":"1033262","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179637","reference_id":"2179637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179637"},{"reference_url":"https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70","reference_id":"3cf23c3f891e2e81c977ea4ab83b62bc2a444b70","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469","reference_id":"82469","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82
469"},{"reference_url":"https://www.debian.org/security/2023/dsa-5389","reference_id":"dsa-5389","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5389"},{"reference_url":"https://github.com/advisories/GHSA-pj73-v5mw-pm9j","reference_id":"GHSA-pj73-v5mw-pm9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj73-v5mw-pm9j"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0006/","reference_id":"ntap-20240202-0006","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1953","reference_id":"RHSA-2023:1953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3495","reference_id":"RHSA-2023:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3495"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/","reference_id":"UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:
A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/","reference_id":"ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2023-28120","GHSA-pj73-v5mw-pm9j","GMS-2023-765"],"risk_score":3.1,"exploitability":"0.5","we
ighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgeh-r771-5fcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11771?format=json","vulnerability_id":"VCID-kkxa-423m-vqbt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777","reference_id":"","reference_type":"","scores":[{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75437","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75352","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75423","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","r
eference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_
id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released"},{"refere
nce_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982","reference_id":"1016982","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296","reference_id":"2080296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777","reference_id":"CVE-2022-27777","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml","reference_id":"CVE-2022-27777.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml"},{"reference_url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv","reference_id":"GHSA-ch3h-j2vf-95pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-du
fq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2022-27777","GHSA-ch3h-j2vf-95pv","GMS-2022-1138"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8770?format=json","vulnerability_id":"VCID-kqsm-qvtq-4kc6","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"},{"referenc
e_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164","reference_id":"","reference_type":"","scores":[{"value":"0.07389","scoring_system":"epss","scoring_elements":"0.91948","published_at":"2026-06-13T12:55:00Z"},{"value":"0.07389","scoring_system":"epss","scoring_elements":"0.9194","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07389","scoring_system":"epss","scoring_elements":"0.91913","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mi
tre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"},{"reference_url":"https://hackerone.com/rep
orts/292797","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/292797"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634","reference_id":"1842634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164","reference_id":"CVE-2020-8164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml","reference_id":"CVE-2020-8164.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"u
rl":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml"},{"reference_url":"https://github.com/advisories/GHSA-8727-m6gj-mc37","reference_id":"GHSA-8727-m6gj-mc37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8727-m6gj-mc37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vu
lnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-8164","GHSA-8727-m6gj-mc37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9074?format=json","vulnerability_id":"VCID-m1pe-q2r4-zfap","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:
L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22881","reference_id":"","reference_type":"","scores":[{"value":"0.15453","scoring_system":"epss","scoring_elements":"0.94813","published_at":"2026-06-11T12:55:00Z"},{"value":"0.15453","scoring_system":"epss","scoring_elements":"0.94831","published_at":"2026-06-12T12:55:00Z"},{"value":"0.1673","scoring_system":"epss","scoring_elements":"0.95109","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22881"},{"reference_url":"https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/
C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md"},{"reference_url":"https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"
value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E"},{"reference_url":"https://hackerone.com/reports/1047447","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1047447"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22881","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22881"},{"reference_url":"https://rubygems.org/gems/actionpack","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}]
,"url":"https://rubygems.org/gems/actionpack"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/05/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/05/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/12/14/5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/12/14/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930211","reference_id":"1930211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930211"},{"reference_url":"https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/","reference_id":"CVE-2021-22881-FAILLE-DE-SECURITE-DANS-LE-MIDDLEWARE-HOSTAUTHORIZATION","reference_type":"","scores":[],"url":"https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/"},{"reference_url":"https://github.com/advisories/GHSA-8877-prq4-9xfw","reference_id":"GHSA-8877-prq4-9xfw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8877-prq4-9xfw"}],"fixed_packa
ges":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-22881","GHSA-8877-prq4-9xfw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1pe-q2r4-zfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9080?format=json","vulnerability_id":"VCID-mepe-vuu9-g3gd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22902","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.72091","published_at":
"2026-06-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.72078","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71994","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.0.3.7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.0.3.7"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}
],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c"},{"reference_url":"https://hackerone.com/reports/1138654","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1138654"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22902","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22902"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961382","reference_id":"1961382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214","reference_id":"988214","reference_type":"","scores":[],"url":"https://bugs.debian.
org/cgi-bin/bugreport.cgi?bug=988214"},{"reference_url":"https://security.archlinux.org/AVG-2090","reference_id":"AVG-2090","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2090"},{"reference_url":"https://security.archlinux.org/AVG-2223","reference_id":"AVG-2223","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2223"},{"reference_url":"https://github.com/advisories/GHSA-g8ww-46x2-2p65","reference_id":"GHSA-g8ww-46x2-2p65","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8ww-46x2-2p65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.
vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-22902","GHSA-g8ww-46x2-2p65"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mepe-vuu9-g3gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200436?format=json","vulnerability_id":"VCID-mw4w-k3vk-y7gr","summary":"Cross-site Scripting in actionpack","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1099","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61105","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.6122","published_at"
:"2026-06-13T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61211","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799276","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099"},{"reference_url":"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml"},{"reference_url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"},{"reference_url":"http://www.debian.org/security/2012/dsa-2466","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2466"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/02/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/02/6"},{"reference_url":"http://www.openwall.c
om/lists/oss-security/2012/03/03/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/03/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1099","reference_id":"CVE-2012-1099","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1099"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml","reference_id":"CVE-2012-1099.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml"},{"reference_url":"https://github.com/advisories/GHSA-2xjj-5x6h-8vmf","reference_id":"GHSA-2xjj-5x6h-8vmf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xjj-5x6h-8vmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-
94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2012-1099","GHSA-2xjj-5x6h-8vmf","OSV-79727"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerable
code.io/vulnerabilities/VCID-mw4w-k3vk-y7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178541?format=json","vulnerability_id":"VCID-ndgd-kzmk-7fab","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2931","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74769","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74698","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00
813","scoring_system":"epss","scoring_elements":"0.74781","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731436","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931"},{"reference_url":"http://secunia.com/advisories/45921","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45921"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scor
ing_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2931","reference_id":"CVE-2011-2931","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2931"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml","reference_id":"CVE-2011-2931.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/mast
er/gems/actionpack/CVE-2011-2931.yml"},{"reference_url":"https://github.com/advisories/GHSA-v5jg-558j-q67c","reference_id":"GHSA-v5jg-558j-q67c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5jg-558j-q67c"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulner
ability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2011-2931","GHSA-v5jg-558j-q67c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgd-kzmk-7fab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23321?format=json","vulnerability_id":"VCID-nrn7-7mxv-6qay","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24293","reference_id":"","reference_type":""
,"scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39372","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39348","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39176","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354"},{"reference_url":"https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"valu
e":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce"},{"reference_url":"https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24293","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24293"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435565","reference_id":"2435565","reference_type":"","scores":[]
,"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435565"},{"reference_url":"https://github.com/advisories/GHSA-r4mg-4433-c7g3","reference_id":"GHSA-r4mg-4433-c7g3","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-02T14:45:32Z/"}],"url":"https://github.com/advisories/GHSA-r4mg-4433-c7g3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2025-24293","GHSA-r4mg-4433-c7g3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrn7-7mxv-6qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179831?format=json","vulnerability_id":"VCID-pbgu-3zaj-ukay","summary":"A vulnerability in Active Record could allow a remote attacker to\n    inject SQL 
commands.","references":[{"reference_url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0220.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0220.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6496","reference_id":"","reference_type":"","scores":[{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.7769","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77676","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77607","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6496"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=889649","reference_id":"","reference_type":"","scores":[{"value":"HI
GH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=889649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201401-22.xml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201401-22.xml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6496","reference_id":"CVE-2012-6496","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6496"},{"reference_url":"https://github.com/adviso
ries/GHSA-gh2w-j7cx-2664","reference_id":"GHSA-gh2w-j7cx-2664","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh2w-j7cx-2664"},{"reference_url":"https://security.gentoo.org/glsa/201401-22","reference_id":"GLSA-201401-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0220","reference_id":"RHSA-2013:0220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulner
ability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2012-6496","GHSA-gh2w-j7cx-2664","OSV-88661"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbgu-3zaj-ukay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/494?format=json","vulnerability_id":"VCID-qz2f-jse8-9bhj","summary":"","references":[{"reference_url":"http://lists.fe
doraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7581","reference_id":"","reference_type":"","scores":[{"value":"0.08542","scoring_system":"epss","scoring_elements":"0.92601","published_at":"2026-06-12T12:55:00Z"},{"value":"0.08542","scoring_system":"epss","scoring_elements":"0.92576","published_at":"2026-06-11T12:55:00Z"},{"value":"0.08542","scoring_system":"epss","scoring_elements":"0.92605","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre
.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5w
L69JE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE"},{"reference_url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677"},{"reference_url":"https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/16"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301981","reference_id":"1301981","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301981"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7581","reference_id":"CVE-2015-7581","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS
:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7581"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml","reference_id":"CVE-2015-7581.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml"},{"reference_url":"https://github.com/advisories/GHSA-9h6g-gp95-x3q5","reference_id":"GHSA-9h6g-gp95-x3q5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9h6g-gp95-x3q5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerabi
lity":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerab
ility":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2015-7581","GHSA-9h6g-gp95-x3q5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qz2f-jse8-9bhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20940?format=json","vulnerability_id":"V
CID-resj-j2ea-hbck","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47889","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55208","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55345","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55329","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94","reference_id":"0e5694f4d32544532d2301a9b4084eacb6986e94","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4
","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/"}],"url":"https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319033","reference_id":"2319033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319033"},{"reference_url":"https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3","reference_id":"3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/"}],"url":"https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3"},{"reference_url":"https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9","reference_id":"985f1923fa62806ff676e41de67c3b4552131ab9","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/"}],"url":"https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9"},{"reference_url":"https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e","reference_id":"be898cc996986decfe238341d96b2a6573b8fd2e","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/A
V:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/"}],"url":"https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47889","reference_id":"CVE-2024-47889","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47889"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml","reference_id":"CVE-2024-47889.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml"},{"reference_url":"https://github.com/advisories/GHSA-h47h-mwp9-c6q6","reference_id":"GHSA-h47h-mwp9-c6q6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h47h-mwp9-c6q6"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6","reference_id":"GHSA-h47h-mwp9-c6q6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/72
90-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-47889","GHSA-h47h-mwp9-c6q6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-resj-j2ea-hbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178549?format=json","vulnerability_id":"VCID-rhyd-xbpb-wufa","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensu
se.org/opensuse-updates/2013-04/msg00079.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0699.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0699.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0699","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1854","reference_id":"","reference_type":"","scores":[{"value":"0.01795","scoring_system":"epss","scoring_elements":"0.83171","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01795","scoring_system":"epss","scoring_elements":"0.83232","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01795","scoring_system":"epss","scoring_elements":"0.83241","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854"},
{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE"},{"reference_url":"https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1854","reference_id":"CVE-2013-1854","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1854"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1854","reference_id":"CVE-2013-1854","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1854"},{"reference_u
rl":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml","reference_id":"CVE-2013-1854.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml"},{"reference_url":"https://github.com/advisories/GHSA-3crr-9vmg-864v","reference_id":"GHSA-3crr-9vmg-864v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3crr-9vmg-864v"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID
-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-1854","GHSA-3crr-9vmg-864v","OSV-91453"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhyd-xbpb-wufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1683?format=json","vulnerability_id":"VCID-runz-vm7e-a3fs","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:
N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6317","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.60041","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59921","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.60029","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s"},{"reference_url":"http
s://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365017","reference_id":"1365017","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365017"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154","reference_id":"834154","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6317","reference_id":"CVE-2016-6317","reference_type":"","scores":[{"value":"7.5","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6317"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml","reference_id":"CVE-2016-6317.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml"},{"reference_url":"https://github.com/advisories/GHSA-pr3r-4wrp-r2pv","reference_id":"GHSA-pr3r-4wrp-r2pv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr3r-4wrp-r2pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1855","reference_id":"RHSA-2016:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-
bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-6317","GHSA-pr3r-4wrp-r2pv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-runz-vm7e-a3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202644?format=json","vulnerability_id":"VCID-sck9-xd5q-fuga","summary":"Exposure of Sensitive Information to an Unauthorized Actor in 
activestorage","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16477","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49699","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49854","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477"},{"reference_url":"https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg"},{"reference_url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released"},{"reference_url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/","reference_i
d":"","reference_type":"","scores":[],"url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848","reference_id":"914848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16477","reference_id":"CVE-2018-16477","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16477"},{"reference_url":"https://github.com/advisories/GHSA-7rr7-rcjw-56vj","reference_id":"GHSA-7rr7-rcjw-56vj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rr7-rcjw-56vj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-
fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"}],"aliases":["CVE-2018-16477","GHSA-7rr7-rcjw-56vj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sck9-xd5q-fuga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199890?format=json","vulnerability_id":"VCID-sth3-da79-67bt","summary":"Active Record subject to strong parameters protection 
bypass","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/08/18/10","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/08/18/10"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1102.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1102.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3514","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56418","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56551","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56537","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_
textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131240","reference_id":"1131240","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131240"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3514","reference_id":"CVE-2014-3514","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3514"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml","reference_id":"CVE-2014-3514.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml"},{"reference_url":"https://github.com/advisories/GHSA-9rf5-jm6f-2fmm","reference_id":"GHSA-9rf5-jm6f-2fmm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9rf5-jm6f-2fmm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1102","reference_id":"RHSA-2014:1102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1102"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073999?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":
"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/package
s/pkg:deb/debian/rails@2:4.1.8-1"}],"aliases":["CVE-2014-3514","GHSA-9rf5-jm6f-2fmm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sth3-da79-67bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206941?format=json","vulnerability_id":"VCID-tnty-pw45-4ug3","summary":"actionpack Open Redirect in Host Authorization Middleware","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44528","reference_id":"","reference_type":"","scores":[{"value":"0.28611","scoring_system":"epss","scoring_elements":"0.96653","published_at":"2026-06-12T12:55:00Z"},{"value":"0.28611","scoring_system":"epss","scoring_elements":"0.96642","published_at":"2026-06-11T12:55:00Z"},{"value":"0.28611","scoring_system":"epss","scoring_elements":"0.96654","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":""
,"reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url
":"https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021"},{"reference_url":"https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815"},{"reference_url":"https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240208-0003","reference_id
":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240208-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240208-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20240208-0003/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817","reference_id":"1001817","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034266","reference_id":"2034266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44528","reference_id":"CVE-2021-44528","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44528"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml","reference_id":"CVE-2021-44528.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml"},{"reference_url":"https://github.com/advisories/GHSA-qphc-hf5q-v8fc","reference_id":"GHSA-qphc-hf5q-v8fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qphc-hf5q-v8fc"}],"fixed_packages":[
{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-44528","GHSA-qphc-hf5q-v8fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnty-pw45-4ug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182783?format=json","vulnerability_id":"VCID-tp7w-62cp-2yhr","summary":"security 
update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2098","reference_id":"","reference_type":"","scores":[{"value":"0.86668","scoring_system":"epss","scoring_elements":"0.99442","published_at":"2026-06-11T12:55:00Z"},{"value":"0.86668","scoring_system":"epss","scoring_elements":"0.99443","published_at":"2026-06-12T12:55:00Z"},{"value":"0.86668","scoring_system":"epss","scoring_elements":"0.99444","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ly-
IH-fxr_Q"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q"},{"reference_url":"https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725"},{"reference_url":"https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"},{"reference_url":"https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122"},{"reference_url":"https://www.exploit-db.com/exploits/40086","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40086"},{"reference_url":"https://www.exploit-db.
com/exploits/40086/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40086/"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3509","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310054","reference_id":"1310054","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310054"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb","reference_id":"CVE-2016-2098","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2098","reference_id":"CVE-2016-2098","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-20
16-2098"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml","reference_id":"CVE-2016-2098.YML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml"},{"reference_url":"https://github.com/advisories/GHSA-78rc-8c29-p45g","reference_id":"GHSA-78rc-8c29-p45g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-78rc-8c29-p45g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0456","reference_id":"RHSA-2016:0456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074000?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf
-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1078269?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua
6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2"}],"aliases":["CVE-2016-2098","GHSA-78rc-8c29-p45g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp7w-62cp-2yhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132023?format=j
son","vulnerability_id":"VCID-u15m-jr9m-wyd3","summary":"ActiveSupport::EncryptedFile writes contents that will be encrypted to a\r\ntemporary file.  The temporary file's permissions are defaulted to the user's\r\ncurrent `umask` settings, meaning that it's possible for other users on the\r\nsame system to read the contents of the temporary file.\r\n\r\nAttackers that have access to the file system could possibly read the contents\r\nof this temporary file while a user is editing it.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38037","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26616","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26399","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.266","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"ref
erence_url":"https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.7.1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.7.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38037","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38037"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250214-0010","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://securi
ty.netapp.com/advisory/ntap-20250214-0010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057","reference_id":"1051057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236261","reference_id":"2236261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236261"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544","reference_id":"83544","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544"},{"reference_url":"https://github.com/advisories/GHSA-cr5q-6q9f-rq6q","reference_id":"GHSA-cr5q-6q9f-rq6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr5q-6q9f-rq6q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7720","reference_id":"RHSA-2023:7720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0268","reference_id":"RHSA-2024:0268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2010","reference_id":"RHSA-2024:2010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2010"}],"fixed_packages":[{
"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2023-38037","GHSA-cr5q-6q9f-rq6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u15m-jr9m-wyd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178540?format=json","vulnerability_id":"VCID-u2gv-wvdc-tfbs","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2930","reference_id":"","reference_type":"","scores":[{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.7686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76944","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76929","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2930"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731438","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85","reference_id":"","reference
_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/
2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2930","reference_id":"CVE-2011-2930","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2930"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml","reference_id":"CVE-2011-2930.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml"},{"reference_url":"https://github.com/advisories/GHSA-h6w6-xmqv-7q78","reference_id":"GHSA-h6w6-xmqv-7q78","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6w6-xmqv-7q78"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},
{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2011-2930"
,"GHSA-h6w6-xmqv-7q78"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2gv-wvdc-tfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4950?format=json","vulnerability_id":"VCID-usqn-hb81-pyf6","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0600","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0600"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16476","reference_id":"","reference_type":"","scores":[{"value":"0.00791","scoring_system":"epss","scoring_elements":"0.74418","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00791","scoring_system":"epss","scoring_elements":"0.74332","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00791","scoring_system":"epss","scoring_elements":"0.74405","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.s
use.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3"},{"reference_url":"https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw"},{"reference_url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual",
"scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released"},{"reference_url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1659223","reference_id":"1659223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1659223"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847","reference_id":"914847","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16476","reference_id":"CVE-2018-16476","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16476"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml","reference_id":"CVE-2018-16476.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml"},{"reference_url":"https://github.com/advisories/GHSA-q2qw-rmrh-vv42","reference_id":"GHSA-q2qw-rmrh-vv42","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2qw-rmrh-vv42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","i
s_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"}],"aliases":["CVE-2018-16476","GHSA-q2qw-rmrh-vv42"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-usqn-hb81-pyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9077?format=json","vulnerability_id":"VCID-uzrf-6puc-kygc","summary":"","references":[{"reference_url":"https://access.redhat.com
/hydra/rest/securitydata/cve/CVE-2021-22885.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22885","reference_id":"","reference_type":"","scores":[{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79856","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79937","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.7992","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:
N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI"},{"reference_url":"https://hackerone.com/reports/1106652","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1106652"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22885","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22885"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210805-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0009/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4929","reference_id":"","reference_type":"","sco
res":[],"url":"https://www.debian.org/security/2021/dsa-4929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957441","reference_id":"1957441","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957441"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214","reference_id":"988214","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"},{"reference_url":"https://security.archlinux.org/AVG-1920","reference_id":"AVG-1920","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1920"},{"reference_url":"https://security.archlinux.org/AVG-1921","reference_id":"AVG-1921","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1921"},{"reference_url":"https://security.archlinux.org/AVG-2090","reference_id":"AVG-2090","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2090"},{"reference_url":"https://security.archlinux.org/AVG-2223","reference_id":"AVG-2223","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2223"},{"reference_url":"https://github.com/advisories/GHSA-hjg4-8q5f-x6fm","reference_id":"GHSA-hjg4-8q5f-x6fm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hjg4-8q5f-x6fm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is
_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerab
ility":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2021-22885","GHSA-hjg4-8q5f-x6fm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzrf-6puc-kygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178550?format=json","vulnerability_id":"VCID-v1py-zs44-n7cz","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary 
code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0698","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scori
ng_system":"epss","scoring_elements":"0.68003","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67902","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.6799","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives
/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1855","reference_id":"CVE-2013-1855","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1855"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855","reference_id":"CVE-2013-1855","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml","reference_id":"CVE-2013-1855.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml"},{"reference_url":"https://github.com/advisories/GHSA-q
759-hwvc-m3jg","reference_id":"GHSA-q759-hwvc-m3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q759-hwvc-m3jg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073998?format=json","purl":"pkg:deb/debian/rails@2:2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"V
CID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2"}],"aliases":["CVE-2013-1855","GHSA-q759-hwvc-m3jg","OSV-91452"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1py-zs44-n7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8769?format=json","vulnerability_id":"VCID-vazh-rc42-puhy","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scor
ing_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8163","reference_id":"","reference_type":"","scores":[{"value":"0.91071","scoring_system":"epss","scoring_elements":"0.99662","published_at":"2026-06-13T12:55:00Z"},{"value":"0.91071","scoring_system":"epss","scoring_elements":"0.99659","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91071","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"
url":"https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"},{"reference_url":"https://hackerone.com/reports/304805","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/304805"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848724","reference_id":"1848724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848724"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb","reference_id":"CVE-2020-8163","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8163","reference_id":"CVE-2020-8163","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8163"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml","reference_id":"CVE-2020-8163.YML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml"},{"reference_url":"https://github.com/advisories/GHSA-cr3x-7m39-c6jq","reference_id":"GHSA-cr3x-7m39-c6jq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr3x-7m39-c6jq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw
"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"}],"aliases":["CVE-2020-8163","GHSA-cr3x-7m39-c6jq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vazh-rc42-puhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199836?format=json","vulnerability_id":"VCID-vczd-qydk-1bhj","summary":"Directory traversal vulnerability in actionpack","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7829","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50258","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50411","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50392","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://g
roups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk"},{"reference_url":"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183"},{"reference_url":"http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1164659","reference_id":"1164659","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1164659"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934","reference_id":"770934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7829","reference_id":"CVE-2014-7829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7829"},{"reference_url":"https://puppet.com/security/cve/cve-2014-7829","reference_id":"CVE-2014-7829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2014-7829"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml","reference_id":"CVE-2
014-7829.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml"},{"reference_url":"https://github.com/advisories/GHSA-h56m-vwxc-3qpw","reference_id":"GHSA-h56m-vwxc-3qpw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h56m-vwxc-3qpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073999?format=json","purl":"pkg:deb/debian/rails@2:4.1.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vu
lnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1"}],"aliases":["CVE-2014-7829","GHSA-h56m-vwxc-3qpw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vczd-qydk-1bhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7857?format=json","vulnerability_id":"VCID-vfmh-49eu-gbh8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15169","reference_id":"","reference_type":"","scores":[{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.7927","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.79256","publ
ished_at":"2026-06-12T12:55:00Z"},{"value":"0.01184","scoring_system":"epss","scoring_elements":"0.79192","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual"
,"scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WX
O6IR3KSB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1877566","reference_id":"1877566","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1877566"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040","reference_id":"970040","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15169","reference_id":"CVE-2020-15169","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15169"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml","reference_id":"CVE-2020-15169.YML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml"},{"reference_url":"https://github.com/advisories/GHSA-cfjv-5498-mph5","reference_id":"GHSA-cfjv-5498-mph5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfjv-5498-mph5"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5","reference_id":"GHSA-cfjv-5498-mph5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":
"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078270?format=json","purl":"pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerabi
lity":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2020-15169","GHSA-cfjv-5498-mph5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfmh-49eu-gbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11407?format=json","vulnerability_id":"VCID-x5c1-by5h-ubau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-218
31","reference_id":"","reference_type":"","scores":[{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.81081","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.81012","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.81072","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"ht
tps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI"},{"
reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://rubysec.com/advisories/CVE-2022-21831","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubysec.com/advisories/CVE-2022-21831"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221118-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221118-0001/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940","reference_id":"1011940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064747","reference_id":"2064747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064747"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21831","reference_id":"CVE-2022-21831","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_te
xtual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21831"},{"reference_url":"https://rubysec.com/advisories/CVE-2022-21831/","reference_id":"CVE-2022-21831","reference_type":"","scores":[],"url":"https://rubysec.com/advisories/CVE-2022-21831/"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml","reference_id":"CVE-2022-21831.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml"},{"reference_url":"https://github.com/advisories/GHSA-w749-p3v6-hccq","reference_id":"GHSA-w749-p3v6-hccq","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w749-p3v6-hccq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074930?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-resj-j2ea
-hbck"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2"}],"aliases":["CVE-2022-21831","GHSA-w749-p3v6-hccq","GMS-2022-301"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5c1-by5h-ubau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20938?format=json","vulnerability_id":"VCID-zbyh-ajmd-tybh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47887","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50971","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.51117","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.51102","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"h
ttps://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319034","reference_id":"2319034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319034"},{"reference_url":"https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049","reference_id":"56b2fc3302836405b496e196a8d5fc0195e55049","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049"},{"reference_url":"https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a","reference_id":"7c1398854d51f9bb193fb79f226647351133d08a","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a"},{"reference_url":"https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545","reference_id":"8e057db25bff1dc7a98e9ae72
e0083825b9ac545","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47887","reference_id":"CVE-2024-47887","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47887"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml","reference_id":"CVE-2024-47887.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml"},{"reference_url":"https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2","reference_id":"f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2"},{"reference_url":"https://github.com/advisories/GHSA-vfg9-r3fq-jvx4","reference_id":"GHSA-vfg9-r3fq-jvx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfg9-r3fq-jvx4"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4","reference_id":"GHSA-vfg9-r3fq-jvx4","reference_type"
:"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-47887","GHSA-vfg9-r3fq-jvx4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbyh-ajmd-tybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31082?format=json","vulnerability_id":"VCID-zxy2-w4m6-tucw","summary":"Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability  in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. 
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54133","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.4093","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40739","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40906","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml","referenc
e_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54133","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54133"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250306-0010","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250306-0010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755","reference_id":"1089755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331619","reference_id":"2331619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331619"},{"reference_url":"https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49","reference_id":"2e3f41e4538b9ca1044357f6644f037bbb7c6c49","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"
url":"https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49"},{"reference_url":"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a","reference_id":"3da2479cfe1e00177114b17e496213c40d286b3a","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a"},{"reference_url":"https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542","reference_id":"5558e72f22fc69c1c407b31ac5fb3b4ce087b542","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542"},{"reference_url":"https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d","reference_id":"cb16a3bb515b5d769f73926d9757270ace691f1d","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d"},{"reference_url":"https://github.com/advisories/GHSA-vfm5-rmrh-j26v","reference_id":"GHSA-vfm5-rmrh-j26v","reference_type":"","s
cores":[],"url":"https://github.com/advisories/GHSA-vfm5-rmrh-j26v"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v","reference_id":"GHSA-vfm5-rmrh-j26v","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074931?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3z-t7sf-vqec"},{"vulnerability":"VCID-8q5p-kbjf-2fgc"},{"vulnerability":"VCID-f6yu-hg4c-hfe7"},{"vulnerability":"VCID-fspa-dfnv-jyd3"},{"vulnerability":"VCID-ky23-ggur-b3dn"},{"vulnerability":"VCID-m814-bzwg-fbc1"},{"vulnerability":"VCID-mjy3-9dkc-5fgq"},{"vulnerability":"VCID-sbb8-q7rv-ukh5"},{"vulnerability":"VCID-sxdt-xfjy-8bbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-54133","GHSA-vfm5-rmrh-j26v"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxy2-w4m6-tucw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183408?format=json","vulnerability_id":"VCID-a67r-11ec-zffe","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL 
statements.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2422","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61434","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61442","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6133","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422"},{"reference_url":"http://secunia.com/advisories/35702","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35702"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabili
ties/51528","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51528"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702"},{"reference_url":"https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579"},{"reference_url":"http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with
_http_digest"},{"reference_url":"http://www.securityfocus.com/bid/35579","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/35579"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1802","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1802"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=509564","reference_id":"509564","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=509564"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896","reference_id":"535896","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2422","reference_id":"CVE-2009-2422","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2422"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml","reference_id":"CVE-2009-2422.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml"},{"reference_url":"https://github.com/advisories/GHSA-rxq3-gm4p-5fj4","reference_id":"GHSA-rxq3-gm4p-5fj4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rxq3-gm4p-5fj4"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-
02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073997?format=json","purl":"pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2529-ucg8-dkgy"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3nsx-u3u3-7fh7"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-7b9s-j981-audq"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9c9c-jwz1-zycr"},{"vulnerability":"VCID-9cgs-zd4y-2qdz"},{"vulnerability":"VCID-9j8b-jg5m-1kgk"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-arbz-y6ud-mbap"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"
},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fu6v-k8cg-d3c7"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-gxj4-um99-mbg4"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-mw4w-k3vk-y7gr"},{"vulnerability":"VCID-ndgd-kzmk-7fab"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-v1py-zs44-n7cz"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8"}],"aliases":["CVE-2009-2422","GHSA-rxq3-gm4p-5fj4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a67r-11ec-zffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183410?format=json","vulnerability_id":"VCID-bn9m-pqu3-bffj","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of 
which\n    leading to the execution of arbitrary SQL statements.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3086","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68618","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68724","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68711","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36600"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0"},{"reference_url":"https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements"
:""}],"url":"https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978"},{"reference_url":"https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686"},{"reference_url":"https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600"},{"reference_url":"https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427"},{"reference_url":"http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2011/dsa-2260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2260"},{"reference_url":"http://www.securityfocus.com/bid/37427","reference_id":"",
"reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/37427"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"545063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3086","reference_id":"CVE-2009-3086","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3086"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml","reference_id":"CVE-2009-3086.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml","reference_id":"CVE-2009-3086.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml"},{"reference_url":"https://github.com/advisories/GHSA-fg9w-g6m4-557j","reference_id":"GHSA-fg9w-g6m4-557j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fg9w-g6m4-557j"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073997?format=json","purl":"pkg:deb/debian/rails@2
.3.5-1.2%2Bsqueeze8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2529-ucg8-dkgy"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3nsx-u3u3-7fh7"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-7b9s-j981-audq"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9c9c-jwz1-zycr"},{"vulnerability":"VCID-9cgs-zd4y-2qdz"},{"vulnerability":"VCID-9j8b-jg5m-1kgk"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-arbz-y6ud-mbap"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fu6v-k8cg-d3c7"},{"vulne
rability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-gxj4-um99-mbg4"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-mw4w-k3vk-y7gr"},{"vulnerability":"VCID-ndgd-kzmk-7fab"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-v1py-zs44-n7cz"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8"}],"aliases":["CVE-2009-3086","GHSA-fg9w-g6m4-557j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9m-pqu3-bffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183407?format=json","vulnerability_id":"VCID-cab4-yeek-cfcw","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL 
statements.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"},{"reference_url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup"},{"reference_url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/","reference_id":"","reference_type":"","scores":[],"url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7248","reference_id":"","reference_type":"","scores":[{"value":"0.11409","scoring_system":"epss","scoring_elements":"0.93758","published_at":"2026-06-12T12:55:00Z"},{"value":"0.11409","scoring_system":"epss","scoring_elements":"0.93738","published_at":"2026-06-11T12:55:00Z"},{"value":"0.11409","scoring_system":"epss","scoring_elements":"0.93762","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7248"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=544329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=544329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248","reference_id":"","reference_t
ype":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36600"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"},{"reference_url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup"},{"reference_url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/","reference_id":"","reference_type":"","scores":[],"url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"},{"reference_url":"https://web.archive.org/web/20090
906010200/https://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2009/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2009/11/28/1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2009/12/02/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2009/12/02/2"},{"reference_url":"https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"},{"reference_url":"http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE",
"scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/28/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/12/02/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/12/02/2"},{"reference_url":"http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685","reference_id":"558685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2008-7248","reference_id":"CVE-2008-7248","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2008-7248"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-7248","reference_id":"CVE-2008-7248","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-7248"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt","reference_id":"CVE-2008-7248;OSVDB-61124","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt"},{"reference_url":"https://www.securityfocus.com/bid/37322/info","reference_id":"CVE-2008-7248;OSVDB-61124","reference_type":"exploit","scores":[],"url":"https:
//www.securityfocus.com/bid/37322/info"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml","reference_id":"CVE-2008-7248.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml"},{"reference_url":"https://github.com/advisories/GHSA-8fqx-7pv4-3jwm","reference_id":"GHSA-8fqx-7pv4-3jwm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fqx-7pv4-3jwm"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073997?format=json","purl":"pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2529-ucg8-dkgy"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3nsx-u3u3-7fh7"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-7b9s-j981-audq"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"
vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9c9c-jwz1-zycr"},{"vulnerability":"VCID-9cgs-zd4y-2qdz"},{"vulnerability":"VCID-9j8b-jg5m-1kgk"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-arbz-y6ud-mbap"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fu6v-k8cg-d3c7"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-gxj4-um99-mbg4"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-mw4w-k3vk-y7gr"},{"vulnerability":"VCID-ndgd-kzmk-7fab"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"
vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-v1py-zs44-n7cz"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8"}],"aliases":["CVE-2008-7248","GHSA-8fqx-7pv4-3jwm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cab4-yeek-cfcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183411?format=json","vulnerability_id":"VCID-fry8-r6k2-auf2","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL statements.","references":[{"reference_url":"http://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/rails/rails"},{"reference_url":"http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""
}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4214","reference_id":"","reference_type":"","scores":[{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82389","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82318","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82379","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214"},{"reference_url":"http://secunia.com/advisories/37446","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/37446"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released"},{"reference_url":"http://www.debian.org/security/2011/dsa-2260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/securit
y/2011/dsa-2260"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/27/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/27/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/12/08/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/12/08/3"},{"reference_url":"http://www.securityfocus.com/bid/37142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/37142"},{"reference_url":"http://www.securitytracker.com/id?1023245","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id?1023245"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3352","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/3352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=542786","reference_id":"542786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=542786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685","reference_id":"558685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-4214","reference_id":"CVE-2009-4
214","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-4214"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml","reference_id":"CVE-2009-4214.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml"},{"reference_url":"https://github.com/advisories/GHSA-9p3v-wf2w-v29c","reference_id":"GHSA-9p3v-wf2w-v29c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9p3v-wf2w-v29c"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073997?format=json","purl":"pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2529-ucg8-dkgy"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3nsx-u3u3-7fh7"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vul
nerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-7b9s-j981-audq"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9c9c-jwz1-zycr"},{"vulnerability":"VCID-9cgs-zd4y-2qdz"},{"vulnerability":"VCID-9j8b-jg5m-1kgk"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-arbz-y6ud-mbap"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fked"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fu6v-k8cg-d3c7"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-gxj4-um99-mbg4"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-mw4w-k3vk-y7gr"},{"vulnerability":"VCID-ndgd-kzmk-7fab"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vul
nerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-v1py-zs44-n7cz"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8"}],"aliases":["CVE-2009-4214","GHSA-9p3v-wf2w-v29c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fry8-r6k2-auf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183409?format=json","vulnerability_id":"VCID-ryyh-3t4j-hygv","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL 
statements.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3009","reference_id":"","reference_type":"","scores":[{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82389","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82318","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82379","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3009"},{"reference_url":"https://cve.m
itre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36600"},{"reference_url":"http://secunia.com/advisories/36717","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36717"},{"reference_url":"http://securitytracker.com/id?1022824","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1022824"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2009/dsa-1887","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1887"},{"reference_url":"http://www.osvdb.org/57666","reference_id":"","reference_type":"","scores":[{"valu
e":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.osvdb.org/57666"},{"reference_url":"http://www.securityfocus.com/bid/36278","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/36278"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=520843","reference_id":"520843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=520843"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"545063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3009","reference_id":"CVE-2009-3009","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3009"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml","reference_id":"CVE-2009-3009.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml"},{"reference_url":"https://github.com/advisories/GHSA-8qrh-h9m2-5fvf","reference_id":"GHSA-8qrh-h9m2-5fvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qrh-h9m2-5fvf"},{"reference_url":"https://security.gentoo.org/glsa/
200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073997?format=json","purl":"pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-1a29-4ncr-bbgm"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2529-ucg8-dkgy"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-3nsx-u3u3-7fh7"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-7659-nqt4-cyes"},{"vulnerability":"VCID-7b9s-j981-audq"},{"vulnerability":"VCID-873z-9zhz-3fhg"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-9c9c-jwz1-zycr"},{"vulnerability":"VCID-9cgs-zd4y-2qdz"},{"vulnerability":"VCID-9j8b-jg5m-1kgk"},{"vulnerability":"VCID-9m63-rwun-nubx"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-abxz-4rbx-zfhe"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-arbz-y6ud-mbap"},{"vulnerability":"VCID-av5v-ktz7-9ybf"},{"vulnerability":"VCID-ayfj-arqs-5khk"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-c9r4-ps21-fke
d"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-d7kf-83av-dkes"},{"vulnerability":"VCID-ez3g-ygna-jkb8"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fu6v-k8cg-d3c7"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-gujm-trnh-fqaa"},{"vulnerability":"VCID-gxj4-um99-mbg4"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-jgeh-r771-5fcf"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-mw4w-k3vk-y7gr"},{"vulnerability":"VCID-ndgd-kzmk-7fab"},{"vulnerability":"VCID-nrn7-7mxv-6qay"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-qz2f-jse8-9bhj"},{"vulnerability":"VCID-resj-j2ea-hbck"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sck9-xd5q-fuga"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-u15m-jr9m-wyd3"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"},{"vulnerability":"VCID-usqn-hb81-pyf6"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-v1py-zs44-n7cz"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-vczd-qydk-1bhj"},{"vulnerability":"VCID-vfmh-49eu-gbh8"},{"vulnerability":"VCID-x5c1-by5h-ubau"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8"}],"aliases":["CVE-2009-3009","GHSA-8qrh-h9m2-5fvf","OSV-57666"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryyh-3t4j-hygv"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packa
ges/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8"}