{"url":"http://public2.vulnerablecode.io/api/packages/125862?format=json","purl":"pkg:rpm/redhat/rubygem-compass@0.11.5-2?arch=el6cf","type":"rpm","namespace":"redhat","name":"rubygem-compass","version":"0.11.5-2","qualifiers":{"arch":"el6cf"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6739?format=json","vulnerability_id":"VCID-3xkv-ckqz-r3dx","summary":"Improper Input Validation\nThe Mail gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2140.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2140","reference_id":"","reference_type":"","scores":[{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87936","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.8791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87901","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87915","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87914","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87913","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87931","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87937","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87844","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.87867","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03667","scoring_system":"epss","scoring_elements":"0.8787","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2140"},{"reference_url":"https://bugzilla.novell.com/show_bug.cgi?id=759092","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.novell.com/show_bug.cgi?id=759092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=816352","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=816352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2140"},{"reference_url":"http://secunia.com/advisories/48970","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48970"},{"reference_url":"https://github.com/mikel/mail","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikel/mail"},{"reference_url":"https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc"},{"reference_url":"https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0"},{"reference_url":"https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/04/25/8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/04/25/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/04/26/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/04/26/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2140","reference_id":"CVE-2012-2140","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2140"},{"reference_url":"https://github.com/advisories/GHSA-rp63-jfmw-532w","reference_id":"GHSA-rp63-jfmw-532w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rp63-jfmw-532w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"}],"fixed_packages":[],"aliases":["CVE-2012-2140","GHSA-rp63-jfmw-532w","OSV-81632"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xkv-ckqz-r3dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8391?format=json","vulnerability_id":"VCID-75gs-2gu3-6udx","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3865","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-3865"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3865","reference_id":"","reference_type":"","scores":[{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78763","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78734","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78738","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.7874","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78712","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78787","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78705","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.7877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78679","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0215","scoring_system":"epss","scoring_elements":"0.84174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0215","scoring_system":"epss","scoring_elements":"0.84187","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0215","scoring_system":"epss","scoring_elements":"0.84205","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839131","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865"},{"reference_url":"http://secunia.com/advisories/50014","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50014"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml"},{"reference_url":"https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master"},{"reference_url":"http://www.debian.org/security/2012/dsa-2511","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2511"},{"reference_url":"http://www.ubuntu.com/usn/USN-1506-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1506-1"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3865/","reference_id":"CVE-2012-3865","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-3865/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3865","reference_id":"CVE-2012-3865","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3865"},{"reference_url":"https://github.com/advisories/GHSA-g89m-3wjw-h857","reference_id":"GHSA-g89m-3wjw-h857","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g89m-3wjw-h857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[],"aliases":["CVE-2012-3865","GHSA-g89m-3wjw-h857"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8415?format=json","vulnerability_id":"VCID-awt1-8bxs-xffs","summary":"actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76812","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7684","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76847","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76714","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76718","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76799","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711","reference_id":"843711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424","reference_id":"CVE-2012-3424","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424"},{"reference_url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj","reference_id":"GHSA-92w9-2pqw-rhjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-3424","GHSA-92w9-2pqw-rhjj","OSV-84243"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8448?format=json","vulnerability_id":"VCID-bsxw-gh14-rbef","summary":"activerecord vulnerable to SQL Injection\nThe Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2695","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70562","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70502","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70473","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70515","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70503","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70553","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70408","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70417","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70462","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70478","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2695"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831573","reference_id":"831573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831573"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2695","reference_id":"CVE-2012-2695","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2695"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml","reference_id":"CVE-2012-2695.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml"},{"reference_url":"https://github.com/advisories/GHSA-76wq-xw4h-f8wj","reference_id":"GHSA-76wq-xw4h-f8wj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-76wq-xw4h-f8wj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-2695","GHSA-76wq-xw4h-f8wj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsxw-gh14-rbef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6742?format=json","vulnerability_id":"VCID-c1w4-z275-tqg7","summary":"Ruby on Rails Potential XSS Vulnerability in select_tag prompt\nWhen a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56066","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463"},{"reference_url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196","reference_id":"847196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196"},{"reference_url":"https://github.com/advisories/GHSA-98mf-8f57-64qf","reference_id":"GHSA-98mf-8f57-64qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98mf-8f57-64qf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-3463","GHSA-98mf-8f57-64qf","OSV-84515"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8413?format=json","vulnerability_id":"VCID-cwa7-9d2t-rfhb","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56066","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77"},{"reference_url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200","reference_id":"847200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465","reference_id":"CVE-2012-3465","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465"},{"reference_url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5","reference_id":"GHSA-7g65-ghrg-hpf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-3465","GHSA-7g65-ghrg-hpf5","OSV-84513"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15790?format=json","vulnerability_id":"VCID-h88b-abes-3bgr","summary":"Puppet Denial of Service and Arbitrary File Write\nUnspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1987","reference_id":"","reference_type":"","scores":[{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73488","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73351","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.7336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73443","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73451","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73491","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml"},{"reference_url":"https://hermes.opensuse.org/messages/14523305","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/14523305"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553"},{"reference_url":"https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552"},{"reference_url":"https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"},{"reference_url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=810070","reference_id":"810070","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=810070"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1987","reference_id":"CVE-2012-1987","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1987"},{"reference_url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/","reference_id":"CVE-2012-1987","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/"},{"reference_url":"https://github.com/advisories/GHSA-v58w-6xc2-w799","reference_id":"GHSA-v58w-6xc2-w799","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v58w-6xc2-w799"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[],"aliases":["CVE-2012-1987","GHSA-v58w-6xc2-w799"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8395?format=json","vulnerability_id":"VCID-hr2h-y693-sbgc","summary":"activesupport Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3464","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56066","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56001","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce"},{"reference_url":"https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23"},{"reference_url":"https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870"},{"reference_url":"https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc"},{"reference_url":"https://github.com/rails/rails/issues/7215","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/issues/7215"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847199","reference_id":"847199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847199"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3464","reference_id":"CVE-2012-3464","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3464"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml","reference_id":"CVE-2012-3464.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml"},{"reference_url":"https://github.com/advisories/GHSA-h835-75hw-pj89","reference_id":"GHSA-h835-75hw-pj89","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h835-75hw-pj89"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-3464","GHSA-h835-75hw-pj89","OSV-84516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hr2h-y693-sbgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15407?format=json","vulnerability_id":"VCID-kt2h-k72f-tqc7","summary":"Improper Neutralization of Special Elements used in a Command ('Command Injection')\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"},{"reference_url":"http://projects.puppetlabs.com/issues/13518","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13518"},{"reference_url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1988"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1988","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65709","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65568","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65664","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65653","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65688","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65701","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65684","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65699","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.6571","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74796","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74796"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml"},{"reference_url":"https://hermes.opensuse.org/messages/14523305","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/14523305"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518"},{"reference_url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"},{"reference_url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988"},{"reference_url":"https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789"},{"reference_url":"https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748"},{"reference_url":"https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136"},{"reference_url":"https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743"},{"reference_url":"https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=810071","reference_id":"810071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=810071"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1988/","reference_id":"CVE-2012-1988","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1988/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1988","reference_id":"CVE-2012-1988","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1988"},{"reference_url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/","reference_id":"CVE-2012-1988","reference_type":"","scores":[],"url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/"},{"reference_url":"https://github.com/advisories/GHSA-6xxq-j39w-g3f6","reference_id":"GHSA-6xxq-j39w-g3f6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xxq-j39w-g3f6"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[],"aliases":["CVE-2012-1988","GHSA-6xxq-j39w-g3f6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6734?format=json","vulnerability_id":"VCID-phxs-zet8-ryh3","summary":"SQL Injection\nRuby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52712","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52745","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52796","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52792","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52741","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52734","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52751","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b"},{"reference_url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml"},{"reference_url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353","reference_id":"827353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660","reference_id":"CVE-2012-2660","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml"},{"reference_url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf","reference_id":"GHSA-hgpp-pp89-4fgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-2660","GHSA-hgpp-pp89-4fgf","OSV-82610"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phxs-zet8-ryh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6736?format=json","vulnerability_id":"VCID-rq7w-zmh4-17e1","summary":"SQL injection vulnerability in Active Record\nDue to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2661","reference_id":"","reference_type":"","scores":[{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72739","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72604","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72611","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72628","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72644","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72679","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72694","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.72705","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661"},{"reference_url":"https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2661","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827363","reference_id":"827363","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827363"},{"reference_url":"https://github.com/advisories/GHSA-fh39-v733-mxfr","reference_id":"GHSA-fh39-v733-mxfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh39-v733-mxfr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-2661","GHSA-fh39-v733-mxfr","OSV-82403"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq7w-zmh4-17e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87047?format=json","vulnerability_id":"VCID-rrky-upea-nfd4","summary":"puppet: authenticated clients allowed to read arbitrary files from the puppet master","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3864","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54466","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54534","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5458","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54574","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54553","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5459","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54533","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54527","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839130","reference_id":"839130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[],"aliases":["CVE-2012-3864"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrky-upea-nfd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8450?format=json","vulnerability_id":"VCID-tt6r-bytq-4fa4","summary":"actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44488","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44701","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4467","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44671","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44684","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a"},{"reference_url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831581","reference_id":"831581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831581"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694","reference_id":"CVE-2012-2694","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml","reference_id":"CVE-2012-2694.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml"},{"reference_url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8","reference_id":"GHSA-q34c-48gc-m9g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-2694","GHSA-q34c-48gc-m9g8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6r-bytq-4fa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8401?format=json","vulnerability_id":"VCID-wage-71h9-6qay","summary":"Moderate severity vulnerability that affects puppet\nlib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3867","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-3867"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3867","reference_id":"","reference_type":"","scores":[{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80565","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80592","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80578","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80599","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80601","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80604","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80516","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80522","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80536","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3867"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867"},{"reference_url":"http://secunia.com/advisories/50014","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50014"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation"},{"reference_url":"http://www.debian.org/security/2012/dsa-2511","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2511"},{"reference_url":"http://www.ubuntu.com/usn/USN-1506-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1506-1"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3867/","reference_id":"CVE-2012-3867","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-3867/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3867","reference_id":"CVE-2012-3867","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3867"},{"reference_url":"https://github.com/advisories/GHSA-q44r-f2hm-v76v","reference_id":"GHSA-q44r-f2hm-v76v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q44r-f2hm-v76v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[],"aliases":["CVE-2012-3867","GHSA-q44r-f2hm-v76v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36740?format=json","vulnerability_id":"VCID-yycs-ny3v-pyeh","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1986","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.58974","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59071","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59036","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59093","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.5911","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59095","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59079","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=810069","reference_id":"810069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=810069"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[],"aliases":["CVE-2012-1986"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yycs-ny3v-pyeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6740?format=json","vulnerability_id":"VCID-z8cv-3uer-pqbm","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2139.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2139.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2139","reference_id":"","reference_type":"","scores":[{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.8765","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87661","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87656","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87653","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87666","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87684","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.8769","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87598","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87622","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87624","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03527","scoring_system":"epss","scoring_elements":"0.87644","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2139"},{"reference_url":"https://bugzilla.novell.com/show_bug.cgi?id=759092","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.novell.com/show_bug.cgi?id=759092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=816352","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=816352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2139"},{"reference_url":"https://github.com/mikel/mail","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikel/mail"},{"reference_url":"https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/04/25/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/04/25/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/04/26/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/04/26/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=891762","reference_id":"891762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=891762"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2139","reference_id":"CVE-2012-2139","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2139"},{"reference_url":"https://github.com/advisories/GHSA-cj92-c4fj-w9c5","reference_id":"GHSA-cj92-c4fj-w9c5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj92-c4fj-w9c5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"}],"fixed_packages":[],"aliases":["CVE-2012-2139","GHSA-cj92-c4fj-w9c5","OSV-81631"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8cv-3uer-pqbm"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-compass@0.11.5-2%3Farch=el6cf"}