{"url":"http://public2.vulnerablecode.io/api/packages/12581?format=json","purl":"pkg:gem/actionpack@3.2.22.1","type":"gem","namespace":"","name":"actionpack","version":"3.2.22.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.8.15","latest_non_vulnerable_version":"8.1.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9082?format=json","vulnerability_id":"VCID-2s57-9frf-4qhk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"0.03338","scoring_system":"epss","scoring_elements":"0.87573","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.4.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.4.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.0.3.7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.0.3.7"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ"},{"reference_url":"https://hackerone.com/reports/1101125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1101125"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210805-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0009/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379","reference_id":"1961379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214","reference_id":"988214","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"},{"reference_url":"https://security.archlinux.org/AVG-1920","reference_id":"AVG-1920","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1920"},{"reference_url":"https://security.archlinux.org/AVG-1921","reference_id":"AVG-1921","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1921"},{"reference_url":"https://security.archlinux.org/AVG-2090","reference_id":"AVG-2090","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2090"},{"reference_url":"https://security.archlinux.org/AVG-2223","reference_id":"AVG-2223","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2223"},{"reference_url":"https://github.com/advisories/GHSA-7wjx-3g7j-8584","reference_id":"GHSA-7wjx-3g7j-8584","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7wjx-3g7j-8584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383579?format=json","purl":"pkg:gem/actionpack@5.2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/383578?format=json","purl":"pkg:gem/actionpack@5.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/383576?format=json","purl":"pkg:gem/actionpack@6.0.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/383577?format=json","purl":"pkg:gem/actionpack@6.1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2"}],"aliases":["CVE-2021-22904","GHSA-7wjx-3g7j-8584"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15119?format=json","vulnerability_id":"VCID-2uka-fwza-dyfc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84992","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800","reference_id":"2164800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115","reference_id":"82115","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"dsa-5372","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj","reference_id":"GHSA-p84v-45xj-wwqj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007/","reference_id":"ntap-20240202-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379897?format=json","purl":"pkg:gem/actionpack@5.2.8.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8.15"},{"url":"http://public2.vulnerablecode.io/api/packages/379898?format=json","purl":"pkg:gem/actionpack@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379899?format=json","purl":"pkg:gem/actionpack@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-6hkq-y2fb-skgq"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1"}],"aliases":["CVE-2023-22792","GHSA-p84v-45xj-wwqj","GMS-2023-58"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uka-fwza-dyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20041?format=json","vulnerability_id":"VCID-3k19-3heq-dufq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68652","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075","reference_id":"27121e80f6dbb260f5a9f0452cd8411cb681f075","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075"},{"reference_url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef","reference_id":"b0fe99fa854ec8ff4498e75779b458392d1560ef","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef"},{"reference_url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891","reference_id":"b1241f468d1b32235f438c2e2203386e6efd3891","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891"},{"reference_url":"https://access.redhat.com/security/cve/cve-2024-41128","reference_id":"cve-2024-41128","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://access.redhat.com/security/cve/cve-2024-41128"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128","reference_id":"CVE-2024-41128","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml","reference_id":"CVE-2024-41128.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml"},{"reference_url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd","reference_id":"fb493bebae1a9b83e494fe7edbf01f6167d606fd","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd"},{"reference_url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036","reference_id":"show_bug.cgi?id=2319036","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33871?format=json","purl":"pkg:gem/actionpack@6.1.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/529701?format=json","purl":"pkg:gem/actionpack@7.0.0.alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/33875?format=json","purl":"pkg:gem/actionpack@7.0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/720801?format=json","purl":"pkg:gem/actionpack@7.1.0.beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/33872?format=json","purl":"pkg:gem/actionpack@7.1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/31926?format=json","purl":"pkg:gem/actionpack@7.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q148-xawj-bkeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/33874?format=json","purl":"pkg:gem/actionpack@7.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/753522?format=json","purl":"pkg:gem/actionpack@8.0.0.beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1"}],"aliases":["CVE-2024-41128","GHSA-x76w-6vjr-8xgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3k19-3heq-dufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201220?format=json","vulnerability_id":"VCID-4svc-v1pz-x3ab","summary":"High severity vulnerability that affects actionpack","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2098","reference_id":"CVE-2016-2098","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2098"},{"reference_url":"https://github.com/advisories/GHSA-hx46-vwmx-wx95","reference_id":"GHSA-hx46-vwmx-wx95","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hx46-vwmx-wx95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12582?format=json","purl":"pkg:gem/actionpack@3.2.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12583?format=json","purl":"pkg:gem/actionpack@4.1.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12609?format=json","purl":"pkg:gem/actionpack@4.2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.2"}],"aliases":["GHSA-hx46-vwmx-wx95"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4svc-v1pz-x3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/997?format=json","vulnerability_id":"VCID-akcz-6jhs-7bdq","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2097","reference_id":"","reference_type":"","scores":[{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.83693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4"},{"reference_url":"https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122"},{"reference_url":"https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726"},{"reference_url":"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3509","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310043","reference_id":"1310043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310043"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2097","reference_id":"CVE-2016-2097","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2097"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml","reference_id":"CVE-2016-2097.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml","reference_id":"CVE-2016-2097.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml"},{"reference_url":"https://github.com/advisories/GHSA-vx9j-46rh-fqr8","reference_id":"GHSA-vx9j-46rh-fqr8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vx9j-46rh-fqr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0456","reference_id":"RHSA-2016:0456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12582?format=json","purl":"pkg:gem/actionpack@3.2.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12583?format=json","purl":"pkg:gem/actionpack@4.1.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.2"}],"aliases":["CVE-2016-2097","GHSA-vx9j-46rh-fqr8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9081?format=json","vulnerability_id":"VCID-f5mb-arn4-skau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22903","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26541","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22903"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0"},{"reference_url":"https://hackerone.com/reports/1148025","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1148025"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22903","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957438","reference_id":"1957438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957438"},{"reference_url":"https://security.archlinux.org/AVG-1919","reference_id":"AVG-1919","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1919"},{"reference_url":"https://github.com/advisories/GHSA-5hq2-xf89-9jxq","reference_id":"GHSA-5hq2-xf89-9jxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hq2-xf89-9jxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383577?format=json","purl":"pkg:gem/actionpack@6.1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2"}],"aliases":["CVE-2021-22903","GHSA-5hq2-xf89-9jxq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5mb-arn4-skau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15120?format=json","vulnerability_id":"VCID-fnx8-28wd-qqgx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.80176","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"},{"reference_url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"},{"reference_url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799","reference_id":"2164799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799"},{"reference_url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv","reference_id":"GHSA-8xww-x3g3-6jcv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379898?format=json","purl":"pkg:gem/actionpack@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379899?format=json","purl":"pkg:gem/actionpack@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-6hkq-y2fb-skgq"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1"}],"aliases":["CVE-2023-22795","GHSA-8xww-x3g3-6jcv","GMS-2023-56"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1682?format=json","vulnerability_id":"VCID-g6pk-2xpv-rugw","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82277","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE"},{"reference_url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3651","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3651"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365008","reference_id":"1365008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155","reference_id":"834155","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316","reference_id":"CVE-2016-6316","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316"},{"reference_url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316","reference_id":"CVE-2016-6316","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml","reference_id":"CVE-2016-6316.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml"},{"reference_url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj","reference_id":"GHSA-pc3m-v286-2jwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1855","reference_id":"RHSA-2016:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1856","reference_id":"RHSA-2016:1856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1857","reference_id":"RHSA-2016:1857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1858","reference_id":"RHSA-2016:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388690?format=json","purl":"pkg:gem/actionpack@3.2.22.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3"}],"aliases":["CVE-2016-6316","GHSA-pc3m-v286-2jwj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6pk-2xpv-rugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15324?format=json","vulnerability_id":"VCID-h6gd-uea5-u3bp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28362","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43064","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28362","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28362"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250502-0009","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250502-0009"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058","reference_id":"1051058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058"},{"reference_url":"https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441","reference_id":"1c3f93d1e90a3475f9ae2377ead25ccf11f71441","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217785","reference_id":"2217785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217785"},{"reference_url":"https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5","reference_id":"69e37c84e3f77d75566424c7d0015172d6a6fac5","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132","reference_id":"83132","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":""},{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132"},{"reference_url":"https://github.com/advisories/GHSA-4g8v-vg43-wpgf","reference_id":"GHSA-4g8v-vg43-wpgf","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/advisories/GHSA-4g8v-vg43-wpgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7851","reference_id":"RHSA-2023:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381693?format=json","purl":"pkg:gem/actionpack@6.1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/381694?format=json","purl":"pkg:gem/actionpack@7.0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-6hkq-y2fb-skgq"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1"}],"aliases":["CVE-2023-28362","GHSA-4g8v-vg43-wpgf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gd-uea5-u3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204972?format=json","vulnerability_id":"VCID-jyvd-yu2u-rucu","summary":"Untrusted users can run pending migrations in production in Rails","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8185","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.72046","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8185"},{"reference_url":"https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"},{"reference_url":"https://hackerone.com/reports/899069","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/899069"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852380","reference_id":"1852380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081","reference_id":"964081","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8185","reference_id":"CVE-2020-8185","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8185"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml","reference_id":"CVE-2020-8185.YML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml"},{"reference_url":"https://github.com/advisories/GHSA-c6qr-h5vq-59jc","reference_id":"GHSA-c6qr-h5vq-59jc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6qr-h5vq-59jc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16687?format=json","purl":"pkg:gem/actionpack@6.0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2"}],"aliases":["CVE-2020-8185","GHSA-c6qr-h5vq-59jc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jyvd-yu2u-rucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11771?format=json","vulnerability_id":"VCID-kkxa-423m-vqbt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777","reference_id":"","reference_type":"","scores":[{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982","reference_id":"1016982","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296","reference_id":"2080296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777","reference_id":"CVE-2022-27777","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml","reference_id":"CVE-2022-27777.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml"},{"reference_url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv","reference_id":"GHSA-ch3h-j2vf-95pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20320?format=json","purl":"pkg:gem/actionpack@5.2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20317?format=json","purl":"pkg:gem/actionpack@6.0.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/20322?format=json","purl":"pkg:gem/actionpack@6.1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20325?format=json","purl":"pkg:gem/actionpack@7.0.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-6hkq-y2fb-skgq"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g5uw-9j6g-cyb6"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-q148-xawj-bkeu"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4"}],"aliases":["CVE-2022-27777","GHSA-ch3h-j2vf-95pv","GMS-2022-1138"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8770?format=json","vulnerability_id":"VCID-kqsm-qvtq-4kc6","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164","reference_id":"","reference_type":"","scores":[{"value":"0.07389","scoring_system":"epss","scoring_elements":"0.91913","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"},{"reference_url":"https://hackerone.com/reports/292797","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/292797"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634","reference_id":"1842634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164","reference_id":"CVE-2020-8164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml","reference_id":"CVE-2020-8164.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml"},{"reference_url":"https://github.com/advisories/GHSA-8727-m6gj-mc37","reference_id":"GHSA-8727-m6gj-mc37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8727-m6gj-mc37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16529?format=json","purl":"pkg:gem/actionpack@5.2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/16532?format=json","purl":"pkg:gem/actionpack@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171r-59fd-2bbj"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-tnty-pw45-4ug3"},{"vulnerability":"VCID-uzrf-6puc-kygc"},{"vulnerability":"VCID-zbyh-ajmd-tybh"},{"vulnerability":"VCID-zxy2-w4m6-tucw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1"}],"aliases":["CVE-2020-8164","GHSA-8727-m6gj-mc37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182783?format=json","vulnerability_id":"VCID-tp7w-62cp-2yhr","summary":"security update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2098","reference_id":"","reference_type":"","scores":[{"value":"0.86668","scoring_system":"epss","scoring_elements":"0.99442","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q"},{"reference_url":"https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725"},{"reference_url":"https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"},{"reference_url":"https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122"},{"reference_url":"https://www.exploit-db.com/exploits/40086","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40086"},{"reference_url":"https://www.exploit-db.com/exploits/40086/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40086/"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3509","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310054","reference_id":"1310054","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310054"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb","reference_id":"CVE-2016-2098","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2098","reference_id":"CVE-2016-2098","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2098"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml","reference_id":"CVE-2016-2098.YML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml"},{"reference_url":"https://github.com/advisories/GHSA-78rc-8c29-p45g","reference_id":"GHSA-78rc-8c29-p45g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-78rc-8c29-p45g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0456","reference_id":"RHSA-2016:0456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12582?format=json","purl":"pkg:gem/actionpack@3.2.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12583?format=json","purl":"pkg:gem/actionpack@4.1.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12609?format=json","purl":"pkg:gem/actionpack@4.2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.2"}],"aliases":["CVE-2016-2098","GHSA-78rc-8c29-p45g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp7w-62cp-2yhr"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201467?format=json","vulnerability_id":"VCID-15yu-avdn-yyc6","summary":"Moderate severity vulnerability that affects actionpack","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751","reference_id":"CVE-2016-0751","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751"},{"reference_url":"https://github.com/advisories/GHSA-m53f-rhq8-q6hf","reference_id":"GHSA-m53f-rhq8-q6hf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m53f-rhq8-q6hf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12581?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12576?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12607?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"}],"aliases":["GHSA-m53f-rhq8-q6hf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15yu-avdn-yyc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/738?format=json","vulnerability_id":"VCID-1a29-4ncr-bbgm","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751","reference_id":"","reference_type":"","scores":[{"value":"0.08895","scoring_system":"epss","scoring_elements":"0.9275","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17"},{"reference_url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6"},{"reference_url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc"},{"reference_url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301946","reference_id":"1301946","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301946"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751","reference_id":"CVE-2016-0751","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml","reference_id":"CVE-2016-0751.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml"},{"reference_url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v","reference_id":"GHSA-ffpv-c4hm-3x6v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12581?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12576?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12607?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/388498?format=json","purl":"pkg:gem/actionpack@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1"}],"aliases":["CVE-2016-0751","GHSA-ffpv-c4hm-3x6v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a29-4ncr-bbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/492?format=json","vulnerability_id":"VCID-d7kf-83av-dkes","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576","reference_id":"","reference_type":"","scores":[{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78644","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":""},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k"},{"reference_url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/8","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301933","reference_id":"1301933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301933"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576","reference_id":"CVE-2015-7576","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml","reference_id":"CVE-2015-7576.YML","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml"},{"reference_url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg","reference_id":"GHSA-p692-7mm3-3fxg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12581?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12576?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12607?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/388498?format=json","purl":"pkg:gem/actionpack@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1"}],"aliases":["CVE-2015-7576","GHSA-p692-7mm3-3fxg"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7kf-83av-dkes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/739?format=json","vulnerability_id":"VCID-hfz8-rhgw-hydt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"0.90494","scoring_system":"epss","scoring_elements":"0.99628","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"},{"reference_url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801"},{"reference_url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"},{"reference_url":"https://www.exploit-db.com/exploits/40561","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40561"},{"reference_url":"http://www.securitytracker.com/id/1034816","reference_id":"1034816","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securitytracker.com/id/1034816"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/13","reference_id":"13","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301963","reference_id":"1301963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301963"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html","reference_id":"178044.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html","reference_id":"178069.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"},{"reference_url":"https://www.exploit-db.com/exploits/40561/","reference_id":"40561","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://www.exploit-db.com/exploits/40561/"},{"reference_url":"http://www.securityfocus.com/bid/81801","reference_id":"81801","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securityfocus.com/bid/81801"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb","reference_id":"CVE-2016-0752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752","reference_id":"CVE-2016-0752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml","reference_id":"CVE-2016-0752.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml","reference_id":"CVE-2016-0752.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"dsa-3464","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7","reference_id":"GHSA-xrr4-p6fq-hjg7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"JXcBnTtZEgAJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"msg00043.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"msg00053.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"RHSA-2016-0296.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12581?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12576?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12607?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"}],"aliases":["CVE-2016-0752","GHSA-xrr4-p6fq-hjg7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfz8-rhgw-hydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201485?format=json","vulnerability_id":"VCID-wjra-fguf-sqdq","summary":"Moderate severity vulnerability that affects actionpack","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576","reference_id":"CVE-2015-7576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576"},{"reference_url":"https://github.com/advisories/GHSA-vwfg-qj3r-6v3r","reference_id":"GHSA-vwfg-qj3r-6v3r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwfg-qj3r-6v3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12581?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-g6pk-2xpv-rugw"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12576?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12607?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3k19-3heq-dufq"},{"vulnerability":"VCID-4svc-v1pz-x3ab"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-h6gd-uea5-u3bp"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-kkxa-423m-vqbt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-zbyh-ajmd-tybh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"}],"aliases":["GHSA-vwfg-qj3r-6v3r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjra-fguf-sqdq"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"}