{"url":"http://public2.vulnerablecode.io/api/packages/123428?format=json","purl":"pkg:rpm/redhat/ruby193-rubygem-actionpack@1:3.2.8-5.1?arch=el6","type":"rpm","namespace":"redhat","name":"ruby193-rubygem-actionpack","version":"1:3.2.8-5.1","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6871?format=json","vulnerability_id":"VCID-5hqj-fxmk-cbcy","summary":"XSS Vulnerability in number_to_currency\nThe number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81354","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81207","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81229","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81237","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81243","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81259","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81278","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81299","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81295","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81312","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81107","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81116","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81138","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81172","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81177","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81208","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/402","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/402"},{"reference_url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6415"},{"reference_url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036910","reference_id":"1036910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[],"aliases":["CVE-2013-6415","GHSA-6h5q-96hp-9jgm","OSV-100524"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hqj-fxmk-cbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6873?format=json","vulnerability_id":"VCID-kcj2-v7av-47cv","summary":"Reflective XSS Vulnerability\nThere is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72485","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72394","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72391","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72382","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72439","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72401","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72258","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72264","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72298","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.7231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72333","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72303","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72354","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72342","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72385","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/401","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/401"},{"reference_url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036922","reference_id":"1036922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[],"aliases":["CVE-2013-4491","GHSA-699m-mcjm-9cw8","OSV-100528"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcj2-v7av-47cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6869?format=json","vulnerability_id":"VCID-nf8s-2aaa-17fw","summary":"Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)\nDue to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66673","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66512","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.6653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66515","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66539","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66556","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66574","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66618","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66592","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66611","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66402","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66468","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66439","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66501","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.6652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66477","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/403","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/403"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036409","reference_id":"1036409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036409"},{"reference_url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r","reference_id":"GHSA-wpw7-wxjm-cw8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0469","reference_id":"RHSA-2014:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0469"}],"fixed_packages":[],"aliases":["CVE-2013-6417","GHSA-wpw7-wxjm-cw8r","OSV-100527"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf8s-2aaa-17fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6870?format=json","vulnerability_id":"VCID-pmrb-t3bm-zkb6","summary":"Denial of Service Vulnerability in Action View\nThere is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98712","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.9871","published_at":"2026-04-26T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98708","published_at":"2026-04-24T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98704","published_at":"2026-04-21T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98702","published_at":"2026-04-16T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98687","published_at":"2026-04-01T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98688","published_at":"2026-04-02T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98691","published_at":"2026-04-04T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98696","published_at":"2026-04-09T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.987","published_at":"2026-04-13T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98699","published_at":"2026-04-12T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98723","published_at":"2026-05-14T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98722","published_at":"2026-05-12T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.9872","published_at":"2026-05-11T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98719","published_at":"2026-05-09T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98718","published_at":"2026-05-07T12:55:00Z"},{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98716","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/400","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/400"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836"},{"reference_url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036483","reference_id":"1036483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036483"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414","reference_id":"CVE-2013-6414","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414"},{"reference_url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q","reference_id":"GHSA-mpxf-gcw2-pw5q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[],"aliases":["CVE-2013-6414","GHSA-mpxf-gcw2-pw5q","OSV-100525"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrb-t3bm-zkb6"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby193-rubygem-actionpack@1:3.2.8-5.1%3Farch=el6"}