Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/12581?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "type": "gem", "namespace": "", "name": "actionpack", "version": "3.2.22.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.2.8.15", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9082?format=api", "vulnerability_id": "VCID-2s57-9frf-4qhk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03338", "scoring_system": "epss", "scoring_elements": "0.87573", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ" }, { "reference_url": "https://hackerone.com/reports/1101125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1101125" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379", "reference_id": "1961379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584", "reference_id": "GHSA-7wjx-3g7j-8584", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383579?format=api", "purl": "pkg:gem/actionpack@5.2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/383578?format=api", "purl": "pkg:gem/actionpack@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/383576?format=api", "purl": "pkg:gem/actionpack@6.0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/383577?format=api", "purl": "pkg:gem/actionpack@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2" } ], "aliases": [ "CVE-2021-22904", "GHSA-7wjx-3g7j-8584" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15119?format=api", "vulnerability_id": "VCID-2uka-fwza-dyfc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02264", "scoring_system": "epss", "scoring_elements": "0.84992", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800", "reference_id": "2164800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115", "reference_id": "82115", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "dsa-5372", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj", "reference_id": "GHSA-p84v-45xj-wwqj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007/", "reference_id": "ntap-20240202-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379897?format=api", "purl": "pkg:gem/actionpack@5.2.8.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/379898?format=api", "purl": "pkg:gem/actionpack@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379899?format=api", "purl": "pkg:gem/actionpack@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1" } ], "aliases": [ "CVE-2023-22792", "GHSA-p84v-45xj-wwqj", "GMS-2023-58" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uka-fwza-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20041?format=api", "vulnerability_id": "VCID-3k19-3heq-dufq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68652", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_id": "27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075" }, { "reference_url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_id": "b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef" }, { "reference_url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891", "reference_id": "b1241f468d1b32235f438c2e2203386e6efd3891", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2024-41128", "reference_id": "cve-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2024-41128" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128", "reference_id": "CVE-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml", "reference_id": "CVE-2024-41128.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml" }, { "reference_url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_id": "fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd" }, { "reference_url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036", "reference_id": "show_bug.cgi?id=2319036", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33871?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/529701?format=api", "purl": "pkg:gem/actionpack@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33875?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/720801?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33872?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31926?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q148-xawj-bkeu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33874?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/753522?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-41128", "GHSA-x76w-6vjr-8xgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3k19-3heq-dufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201220?format=api", "vulnerability_id": "VCID-4svc-v1pz-x3ab", "summary": "High severity vulnerability that affects actionpack", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098", "reference_id": "CVE-2016-2098", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098" }, { "reference_url": "https://github.com/advisories/GHSA-hx46-vwmx-wx95", "reference_id": "GHSA-hx46-vwmx-wx95", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hx46-vwmx-wx95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12582?format=api", "purl": "pkg:gem/actionpack@3.2.22.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/12583?format=api", "purl": "pkg:gem/actionpack@4.1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/12609?format=api", "purl": "pkg:gem/actionpack@4.2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.2" } ], "aliases": [ "GHSA-hx46-vwmx-wx95" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4svc-v1pz-x3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/997?format=api", "vulnerability_id": "VCID-akcz-6jhs-7bdq", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83693", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4" }, { "reference_url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726" }, { "reference_url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043", "reference_id": "1310043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097", "reference_id": "CVE-2016-2097", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml", "reference_id": "CVE-2016-2097.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml", "reference_id": "CVE-2016-2097.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8", "reference_id": "GHSA-vx9j-46rh-fqr8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12582?format=api", "purl": "pkg:gem/actionpack@3.2.22.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/12583?format=api", "purl": "pkg:gem/actionpack@4.1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.2" } ], "aliases": [ "CVE-2016-2097", "GHSA-vx9j-46rh-fqr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9081?format=api", "vulnerability_id": "VCID-f5mb-arn4-skau", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26541", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0" }, { "reference_url": "https://hackerone.com/reports/1148025", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1148025" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438", "reference_id": "1957438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438" }, { "reference_url": "https://security.archlinux.org/AVG-1919", "reference_id": "AVG-1919", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1919" }, { "reference_url": "https://github.com/advisories/GHSA-5hq2-xf89-9jxq", "reference_id": "GHSA-5hq2-xf89-9jxq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hq2-xf89-9jxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383577?format=api", "purl": "pkg:gem/actionpack@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2" } ], "aliases": [ "CVE-2021-22903", "GHSA-5hq2-xf89-9jxq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5mb-arn4-skau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15120?format=api", "vulnerability_id": "VCID-fnx8-28wd-qqgx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01304", "scoring_system": "epss", "scoring_elements": "0.80176", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f" }, { "reference_url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0" }, { "reference_url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799", "reference_id": "2164799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799" }, { "reference_url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv", "reference_id": "GHSA-8xww-x3g3-6jcv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379898?format=api", "purl": "pkg:gem/actionpack@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379899?format=api", "purl": "pkg:gem/actionpack@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1" } ], "aliases": [ "CVE-2023-22795", "GHSA-8xww-x3g3-6jcv", "GMS-2023-56" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1682?format=api", "vulnerability_id": "VCID-g6pk-2xpv-rugw", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "reference_url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3651" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008", "reference_id": "1365008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155", "reference_id": "834155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316" }, { "reference_url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml", "reference_id": "CVE-2016-6316.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "reference_id": "GHSA-pc3m-v286-2jwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1856", "reference_id": "RHSA-2016:1856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1857", "reference_id": "RHSA-2016:1857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1858", "reference_id": "RHSA-2016:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388690?format=api", "purl": "pkg:gem/actionpack@3.2.22.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3" } ], "aliases": [ "CVE-2016-6316", "GHSA-pc3m-v286-2jwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6pk-2xpv-rugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15324?format=api", "vulnerability_id": "VCID-h6gd-uea5-u3bp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43064", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250502-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250502-0009" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058", "reference_id": "1051058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058" }, { "reference_url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_id": "1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785", "reference_id": "2217785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785" }, { "reference_url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_id": "69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132", "reference_id": "83132", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132" }, { "reference_url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf", "reference_id": "GHSA-4g8v-vg43-wpgf", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7851", "reference_id": "RHSA-2023:7851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381693?format=api", "purl": "pkg:gem/actionpack@6.1.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381694?format=api", "purl": "pkg:gem/actionpack@7.0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1" } ], "aliases": [ "CVE-2023-28362", "GHSA-4g8v-vg43-wpgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gd-uea5-u3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204972?format=api", "vulnerability_id": "VCID-jyvd-yu2u-rucu", "summary": "Untrusted users can run pending migrations in production in Rails", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.72046", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185" }, { "reference_url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0" }, { "reference_url": "https://hackerone.com/reports/899069", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/899069" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380", "reference_id": "1852380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081", "reference_id": "964081", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185", "reference_id": "CVE-2020-8185", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml", "reference_id": "CVE-2020-8185.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml" }, { "reference_url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc", "reference_id": "GHSA-c6qr-h5vq-59jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16687?format=api", "purl": "pkg:gem/actionpack@6.0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2" } ], "aliases": [ "CVE-2020-8185", "GHSA-c6qr-h5vq-59jc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyvd-yu2u-rucu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11771?format=api", "vulnerability_id": "VCID-kkxa-423m-vqbt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75352", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982", "reference_id": "1016982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296", "reference_id": "2080296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777", "reference_id": "CVE-2022-27777", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml", "reference_id": "CVE-2022-27777.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv", "reference_id": "GHSA-ch3h-j2vf-95pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20320?format=api", "purl": "pkg:gem/actionpack@5.2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20317?format=api", "purl": "pkg:gem/actionpack@6.0.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/20322?format=api", "purl": "pkg:gem/actionpack@6.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20325?format=api", "purl": "pkg:gem/actionpack@7.0.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g5uw-9j6g-cyb6" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4" } ], "aliases": [ "CVE-2022-27777", "GHSA-ch3h-j2vf-95pv", "GMS-2022-1138" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8770?format=api", "vulnerability_id": "VCID-kqsm-qvtq-4kc6", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91913", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "reference_url": "https://hackerone.com/reports/292797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/292797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634", "reference_id": "1842634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164", "reference_id": "CVE-2020-8164", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml", "reference_id": "CVE-2020-8164.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8727-m6gj-mc37", "reference_id": "GHSA-8727-m6gj-mc37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8727-m6gj-mc37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16529?format=api", "purl": "pkg:gem/actionpack@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/16532?format=api", "purl": "pkg:gem/actionpack@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1" } ], "aliases": [ "CVE-2020-8164", "GHSA-8727-m6gj-mc37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/182783?format=api", "vulnerability_id": "VCID-tp7w-62cp-2yhr", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86668", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q" }, { "reference_url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725" }, { "reference_url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ" }, { "reference_url": "https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122" }, { "reference_url": "https://www.exploit-db.com/exploits/40086", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40086" }, { "reference_url": "https://www.exploit-db.com/exploits/40086/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/40086/" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054", "reference_id": "1310054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb", "reference_id": "CVE-2016-2098", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098", "reference_id": "CVE-2016-2098", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml", "reference_id": "CVE-2016-2098.YML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml" }, { "reference_url": "https://github.com/advisories/GHSA-78rc-8c29-p45g", "reference_id": "GHSA-78rc-8c29-p45g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78rc-8c29-p45g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12582?format=api", "purl": "pkg:gem/actionpack@3.2.22.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/12583?format=api", "purl": "pkg:gem/actionpack@4.1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/12609?format=api", "purl": "pkg:gem/actionpack@4.2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.2" } ], "aliases": [ "CVE-2016-2098", "GHSA-78rc-8c29-p45g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tp7w-62cp-2yhr" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201467?format=api", "vulnerability_id": "VCID-15yu-avdn-yyc6", "summary": "Moderate severity vulnerability that affects actionpack", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751", "reference_id": "CVE-2016-0751", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751" }, { "reference_url": "https://github.com/advisories/GHSA-m53f-rhq8-q6hf", "reference_id": "GHSA-m53f-rhq8-q6hf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m53f-rhq8-q6hf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" } ], "aliases": [ "GHSA-m53f-rhq8-q6hf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15yu-avdn-yyc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/738?format=api", "vulnerability_id": "VCID-1a29-4ncr-bbgm", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08895", "scoring_system": "epss", "scoring_elements": "0.9275", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17" }, { "reference_url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6" }, { "reference_url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc" }, { "reference_url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946", "reference_id": "1301946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751", "reference_id": "CVE-2016-0751", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml", "reference_id": "CVE-2016-0751.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v", "reference_id": "GHSA-ffpv-c4hm-3x6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388498?format=api", "purl": "pkg:gem/actionpack@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1" } ], "aliases": [ "CVE-2016-0751", "GHSA-ffpv-c4hm-3x6v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a29-4ncr-bbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/492?format=api", "vulnerability_id": "VCID-d7kf-83av-dkes", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01119", "scoring_system": "epss", "scoring_elements": "0.78644", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933", "reference_id": "1301933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576", "reference_id": "CVE-2015-7576", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml", "reference_id": "CVE-2015-7576.YML", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg", "reference_id": "GHSA-p692-7mm3-3fxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388498?format=api", "purl": "pkg:gem/actionpack@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1" } ], "aliases": [ "CVE-2015-7576", "GHSA-p692-7mm3-3fxg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7kf-83av-dkes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/739?format=api", "vulnerability_id": "VCID-hfz8-rhgw-hydt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90494", "scoring_system": "epss", "scoring_elements": "0.99628", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00" }, { "reference_url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752" }, { "reference_url": "https://www.exploit-db.com/exploits/40561", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40561" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "1034816", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/13", "reference_id": "13", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963", "reference_id": "1301963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html", "reference_id": "178044.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html", "reference_id": "178069.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html" }, { "reference_url": "https://www.exploit-db.com/exploits/40561/", "reference_id": "40561", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://www.exploit-db.com/exploits/40561/" }, { "reference_url": "http://www.securityfocus.com/bid/81801", "reference_id": "81801", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb", "reference_id": "CVE-2016-0752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", "reference_id": "CVE-2016-0752", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "dsa-3464", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "reference_id": "GHSA-xrr4-p6fq-hjg7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "JXcBnTtZEgAJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "msg00043.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "msg00053.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "RHSA-2016-0296.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" } ], "aliases": [ "CVE-2016-0752", "GHSA-xrr4-p6fq-hjg7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfz8-rhgw-hydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201485?format=api", "vulnerability_id": "VCID-wjra-fguf-sqdq", "summary": "Moderate severity vulnerability that affects actionpack", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576", "reference_id": "CVE-2015-7576", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576" }, { "reference_url": "https://github.com/advisories/GHSA-vwfg-qj3r-6v3r", "reference_id": "GHSA-vwfg-qj3r-6v3r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vwfg-qj3r-6v3r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" } ], "aliases": [ "GHSA-vwfg-qj3r-6v3r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjra-fguf-sqdq" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }