Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/12909?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/12909?format=api", "purl": "pkg:gem/actionpack@3.0.13", "type": "gem", "namespace": "", "name": "actionpack", "version": "3.0.13", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.2.8.15", "latest_non_vulnerable_version": "8.1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/738?format=api", "vulnerability_id": "VCID-1a29-4ncr-bbgm", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08895", "scoring_system": "epss", "scoring_elements": "0.9275", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17" }, { "reference_url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6" }, { "reference_url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc" }, { "reference_url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946", "reference_id": "1301946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751", "reference_id": "CVE-2016-0751", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml", "reference_id": "CVE-2016-0751.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v", "reference_id": "GHSA-ffpv-c4hm-3x6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388498?format=api", "purl": "pkg:gem/actionpack@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1" } ], "aliases": [ "CVE-2016-0751", "GHSA-ffpv-c4hm-3x6v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a29-4ncr-bbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178552?format=api", "vulnerability_id": "VCID-2529-ucg8-dkgy", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70669", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335", "reference_id": "921335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857", "reference_id": "CVE-2013-1857", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857" }, { "reference_url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2", "reference_id": "GHSA-j838-vfpq-fmf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12798?format=api", "purl": "pkg:gem/actionpack@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/12828?format=api", "purl": "pkg:gem/actionpack@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13" } ], "aliases": [ "CVE-2013-1857", "GHSA-j838-vfpq-fmf2", "OSV-91454" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2529-ucg8-dkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9082?format=api", "vulnerability_id": "VCID-2s57-9frf-4qhk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03338", "scoring_system": "epss", "scoring_elements": "0.87573", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ" }, { "reference_url": "https://hackerone.com/reports/1101125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1101125" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379", "reference_id": "1961379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584", "reference_id": "GHSA-7wjx-3g7j-8584", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383579?format=api", "purl": "pkg:gem/actionpack@5.2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/383578?format=api", "purl": "pkg:gem/actionpack@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/383576?format=api", "purl": "pkg:gem/actionpack@6.0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/383577?format=api", "purl": "pkg:gem/actionpack@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2" } ], "aliases": [ "CVE-2021-22904", "GHSA-7wjx-3g7j-8584" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15119?format=api", "vulnerability_id": "VCID-2uka-fwza-dyfc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02264", "scoring_system": "epss", "scoring_elements": "0.84992", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800", "reference_id": "2164800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115", "reference_id": "82115", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "dsa-5372", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj", "reference_id": "GHSA-p84v-45xj-wwqj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007/", "reference_id": "ntap-20240202-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/607865?format=api", "purl": "pkg:gem/actionpack@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/379897?format=api", "purl": "pkg:gem/actionpack@5.2.8.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/379898?format=api", "purl": "pkg:gem/actionpack@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379899?format=api", "purl": "pkg:gem/actionpack@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1" } ], "aliases": [ "CVE-2023-22792", "GHSA-p84v-45xj-wwqj", "GMS-2023-58" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uka-fwza-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20041?format=api", "vulnerability_id": "VCID-3k19-3heq-dufq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68652", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_id": "27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075" }, { "reference_url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_id": "b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef" }, { "reference_url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891", "reference_id": "b1241f468d1b32235f438c2e2203386e6efd3891", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2024-41128", "reference_id": "cve-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2024-41128" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128", "reference_id": "CVE-2024-41128", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml", "reference_id": "CVE-2024-41128.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml" }, { "reference_url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_id": "fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd" }, { "reference_url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036", "reference_id": "show_bug.cgi?id=2319036", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33871?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/529701?format=api", "purl": "pkg:gem/actionpack@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33875?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/720801?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33872?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31926?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33874?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/753522?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-41128", "GHSA-x76w-6vjr-8xgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3k19-3heq-dufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178535?format=api", "vulnerability_id": "VCID-56hv-j97k-w3dr", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.7183", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217" }, { "reference_url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446", "reference_id": "CVE-2011-0446", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j", "reference_id": "GHSA-75w6-p6mg-vh8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0446", "GHSA-75w6-p6mg-vh8j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178536?format=api", "vulnerability_id": "VCID-58mv-ca6x-ruh8", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.77309", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034" }, { "reference_url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447", "reference_id": "CVE-2011-0447", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml", "reference_id": "CVE-2011-0447.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml" }, { "reference_url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8", "reference_id": "GHSA-24fg-p96v-hxh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0447", "GHSA-24fg-p96v-hxh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58mv-ca6x-ruh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178539?format=api", "vulnerability_id": "VCID-5932-9sn8-jqbf", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74715", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" }, { "reference_url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929", "reference_id": "CVE-2011-2929", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml", "reference_id": "CVE-2011-2929.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml" }, { "reference_url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q", "reference_id": "GHSA-r7q2-5gqg-6c7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12696?format=api", "purl": "pkg:gem/actionpack@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0" } ], "aliases": [ "CVE-2011-2929", "GHSA-r7q2-5gqg-6c7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5932-9sn8-jqbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18376?format=api", "vulnerability_id": "VCID-5r3f-m1fv-f7bp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87948", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26142" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266324", "reference_id": "2266324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266324" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", "reference_id": "84946", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946" }, { "reference_url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", "reference_id": "b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26142", "reference_id": "CVE-2024-26142", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26142" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", "reference_id": "CVE-2024-26142.yml", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jjhx-jhvp-74wq", "reference_id": "GHSA-jjhx-jhvp-74wq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjhx-jhvp-74wq" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", "reference_id": "GHSA-jjhx-jhvp-74wq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240503-0003/", "reference_id": "ntap-20240503-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240503-0003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29394?format=api", "purl": "pkg:gem/actionpack@7.1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1" } ], "aliases": [ "CVE-2024-26142", "GHSA-jjhx-jhvp-74wq" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5r3f-m1fv-f7bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18377?format=api", "vulnerability_id": "VCID-6hkq-y2fb-skgq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.843", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266388", "reference_id": "2266388", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266388" }, { "reference_url": "https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc", "reference_id": "4c83b331092a79d58e4adffe4be5f250fa5782cc", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc" }, { "reference_url": "https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e", "reference_id": "5187a9ef51980ad1b8e81945ebe0462d28f84f9e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947", "reference_id": "84947", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26143", "reference_id": "CVE-2024-26143", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26143" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml", "reference_id": "CVE-2024-26143.yml", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9822-6m93-xqf4", "reference_id": "GHSA-9822-6m93-xqf4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9822-6m93-xqf4" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4", "reference_id": "GHSA-9822-6m93-xqf4", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0004/", "reference_id": "ntap-20240510-0004", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29397?format=api", "purl": "pkg:gem/actionpack@7.0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/29394?format=api", "purl": "pkg:gem/actionpack@7.1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1" } ], "aliases": [ "CVE-2024-26143", "GHSA-9822-6m93-xqf4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hkq-y2fb-skgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109434?format=api", "vulnerability_id": "VCID-6rc5-9gn7-tbbv", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/8" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75889", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4" }, { "reference_url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782" }, { "reference_url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647" }, { "reference_url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520", "reference_id": "1065520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081", "reference_id": "CVE-2014-0081", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml", "reference_id": "CVE-2014-0081.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml", "reference_id": "CVE-2014-0081.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83", "reference_id": "GHSA-m46p-ggm5-5j83", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12677?format=api", "purl": "pkg:gem/actionpack@3.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/12628?format=api", "purl": "pkg:gem/actionpack@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/402883?format=api", "purl": "pkg:gem/actionpack@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12763?format=api", "purl": "pkg:gem/actionpack@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" } ], "aliases": [ "CVE-2014-0081", "GHSA-m46p-ggm5-5j83", "OSV-103439" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rc5-9gn7-tbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200350?format=api", "vulnerability_id": "VCID-72jm-58dq-mub5", "summary": "Action Pack contains database-query restrictions bypass", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36637", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "CVE-2012-2660", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12971?format=api", "purl": "pkg:gem/actionpack@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/12937?format=api", "purl": "pkg:gem/actionpack@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72jm-58dq-mub5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200249?format=api", "vulnerability_id": "VCID-7b9s-j981-audq", "summary": "actionpack Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56495", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77" }, { "reference_url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200", "reference_id": "847200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465", "reference_id": "CVE-2012-3465", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465" }, { "reference_url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5", "reference_id": "GHSA-7g65-ghrg-hpf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12825?format=api", "purl": "pkg:gem/actionpack@3.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/397720?format=api", "purl": "pkg:gem/actionpack@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12813?format=api", "purl": "pkg:gem/actionpack@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/397841?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12779?format=api", "purl": "pkg:gem/actionpack@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8" } ], "aliases": [ "CVE-2012-3465", "GHSA-7g65-ghrg-hpf5", "OSV-84513" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7b9s-j981-audq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178545?format=api", "vulnerability_id": "VCID-9cgs-zd4y-2qdz", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99709", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156" }, { "reference_url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain" }, { "reference_url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2604", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2604" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.insinuator.net/2013/01/rails-yaml" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.insinuator.net/2013/01/rails-yaml/" }, { "reference_url": "http://www.kb.cert.org/vuls/id/380039", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/380039" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722", "reference_id": "697722", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870", "reference_id": "892870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb" }, { "reference_url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg", "reference_id": "GHSA-jmgw-6vjg-jjwg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0153", "reference_id": "RHSA-2013:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12794?format=api", "purl": "pkg:gem/actionpack@3.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/397720?format=api", "purl": "pkg:gem/actionpack@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12807?format=api", "purl": "pkg:gem/actionpack@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/397841?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12816?format=api", "purl": "pkg:gem/actionpack@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11" } ], "aliases": [ "CVE-2013-0156", "GHSA-jmgw-6vjg-jjwg", "OSV-89026" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9cgs-zd4y-2qdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109436?format=api", "vulnerability_id": "VCID-a6dm-ywkf-wkgh", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91278", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc" }, { "reference_url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538", "reference_id": "1065538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082", "reference_id": "CVE-2014-0082", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082" }, { "reference_url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082", "reference_id": "CVE-2014-0082", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml", "reference_id": "CVE-2014-0082.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml" }, { "reference_url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw", "reference_id": "GHSA-7cgp-c3g7-qvrw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12677?format=api", "purl": "pkg:gem/actionpack@3.2.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/388055?format=api", "purl": "pkg:gem/actionpack@4.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12574?format=api", "purl": "pkg:gem/actionpack@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15yu-avdn-yyc6" }, { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4mgx-wysw-cfhc" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-f6hu-1mcw-y7fy" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-hxkv-rcsp-eudv" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-ueeq-q2k2-b3ar" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-wjra-fguf-sqdq" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0" } ], "aliases": [ "CVE-2014-0082", "GHSA-7cgp-c3g7-qvrw", "OSV-103440" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6dm-ywkf-wkgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199875?format=api", "vulnerability_id": "VCID-ayfj-arqs-5khk", "summary": "actionpack vulnerable to Path Traversal", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44766", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499", "reference_id": "1161499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818", "reference_id": "CVE-2014-7818", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml", "reference_id": "CVE-2014-7818.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "CVE-2014-7829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw", "reference_id": "GHSA-29gr-w57f-rpfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12727?format=api", "purl": "pkg:gem/actionpack@3.2.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/12681?format=api", "purl": "pkg:gem/actionpack@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/402883?format=api", "purl": "pkg:gem/actionpack@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12657?format=api", "purl": "pkg:gem/actionpack@4.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/12658?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12680?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3" } ], "aliases": [ "CVE-2014-7818", "GHSA-29gr-w57f-rpfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ayfj-arqs-5khk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183410?format=api", "vulnerability_id": "VCID-bn9m-pqu3-bffj", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68618", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0" }, { "reference_url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978" }, { "reference_url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686" }, { "reference_url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600" }, { "reference_url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086", "reference_id": "CVE-2009-3086", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j", "reference_id": "GHSA-fg9w-g6m4-557j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3086", "GHSA-fg9w-g6m4-557j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9m-pqu3-bffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183407?format=api", "vulnerability_id": "VCID-cab4-yeek-cfcw", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93738", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2008-7248", "reference_id": "CVE-2008-7248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2008-7248" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248", "reference_id": "CVE-2008-7248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt" }, { "reference_url": "https://www.securityfocus.com/bid/37322/info", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/37322/info" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml", "reference_id": "CVE-2008-7248.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm", "reference_id": "GHSA-8fqx-7pv4-3jwm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2008-7248", "GHSA-8fqx-7pv4-3jwm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cab4-yeek-cfcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/492?format=api", "vulnerability_id": "VCID-d7kf-83av-dkes", "summary": "", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01119", "scoring_system": "epss", "scoring_elements": "0.78644", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933", "reference_id": "1301933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576", "reference_id": "CVE-2015-7576", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml", "reference_id": "CVE-2015-7576.YML", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg", "reference_id": "GHSA-p692-7mm3-3fxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388498?format=api", "purl": "pkg:gem/actionpack@5.0.0.beta1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1" } ], "aliases": [ "CVE-2015-7576", "GHSA-p692-7mm3-3fxg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7kf-83av-dkes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200376?format=api", "vulnerability_id": "VCID-en5b-axpg-eud2", "summary": "Cross-site Scripting vulnerability in i18n translations helper method", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/18/8" }, { "reference_url": "http://osvdb.org/77199", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/77199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.70173", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4319" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71364", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71364" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c" }, { "reference_url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade" }, { "reference_url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU" }, { "reference_url": "https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722" }, { "reference_url": "https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342" }, { "reference_url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released" }, { "reference_url": "http://www.securityfocus.com/bid/50722", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/50722" }, { "reference_url": "http://www.securitytracker.com/id?1026342", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1026342" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=755004", "reference_id": "755004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755004" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4319", "reference_id": "CVE-2011-4319", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4319" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml", "reference_id": "CVE-2011-4319.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xxr8-833v-c7wc", "reference_id": "GHSA-xxr8-833v-c7wc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxr8-833v-c7wc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12922?format=api", "purl": "pkg:gem/actionpack@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2" } ], "aliases": [ "CVE-2011-4319", "GHSA-xxr8-833v-c7wc", "OSV-77199" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-en5b-axpg-eud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9081?format=api", "vulnerability_id": "VCID-f5mb-arn4-skau", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26541", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0" }, { "reference_url": "https://hackerone.com/reports/1148025", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1148025" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438", "reference_id": "1957438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438" }, { "reference_url": "https://security.archlinux.org/AVG-1919", "reference_id": "AVG-1919", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1919" }, { "reference_url": "https://github.com/advisories/GHSA-5hq2-xf89-9jxq", "reference_id": "GHSA-5hq2-xf89-9jxq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hq2-xf89-9jxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383577?format=api", "purl": "pkg:gem/actionpack@6.1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2" } ], "aliases": [ "CVE-2021-22903", "GHSA-5hq2-xf89-9jxq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5mb-arn4-skau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15120?format=api", "vulnerability_id": "VCID-fnx8-28wd-qqgx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01304", "scoring_system": "epss", "scoring_elements": "0.80176", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f" }, { "reference_url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0" }, { "reference_url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799", "reference_id": "2164799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799" }, { "reference_url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv", "reference_id": "GHSA-8xww-x3g3-6jcv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/607865?format=api", "purl": "pkg:gem/actionpack@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/379898?format=api", "purl": "pkg:gem/actionpack@6.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379899?format=api", "purl": "pkg:gem/actionpack@7.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1" } ], "aliases": [ "CVE-2023-22795", "GHSA-8xww-x3g3-6jcv", "GMS-2023-56" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1682?format=api", "vulnerability_id": "VCID-g6pk-2xpv-rugw", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "reference_url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3651" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008", "reference_id": "1365008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155", "reference_id": "834155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316" }, { "reference_url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316", "reference_id": "CVE-2016-6316", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml", "reference_id": "CVE-2016-6316.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "reference_id": "GHSA-pc3m-v286-2jwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1856", "reference_id": "RHSA-2016:1856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1857", "reference_id": "RHSA-2016:1857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1858", "reference_id": "RHSA-2016:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388690?format=api", "purl": "pkg:gem/actionpack@3.2.22.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3" } ], "aliases": [ "CVE-2016-6316", "GHSA-pc3m-v286-2jwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6pk-2xpv-rugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/182?format=api", "vulnerability_id": "VCID-gyq7-xde5-sfea", "summary": "", "references": [ { "reference_url": "http://osvdb.org/show/osvdb/106704", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/106704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0510", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5271", "scoring_system": "epss", "scoring_elements": "0.98002", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0130" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk" }, { "reference_url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244" }, { "reference_url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130" }, { "reference_url": "http://www.securityfocus.com/bid/67244", "reference_id": "67244", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://www.securityfocus.com/bid/67244" }, { "reference_url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0130", "reference_id": "CVE-2014-0130", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130", "reference_id": "CVE-2014-0130", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml", "reference_id": "CVE-2014-0130.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx", "reference_id": "GHSA-6x85-j5j2-27jx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "NxW_PDBSG3AJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "RHSA-2014-1863.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12634?format=api", "purl": "pkg:gem/actionpack@3.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/12764?format=api", "purl": "pkg:gem/actionpack@4.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/12763?format=api", "purl": "pkg:gem/actionpack@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" } ], "aliases": [ "CVE-2014-0130", "GHSA-6x85-j5j2-27jx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyq7-xde5-sfea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15324?format=api", "vulnerability_id": "VCID-h6gd-uea5-u3bp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43064", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250502-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250502-0009" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058", "reference_id": "1051058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058" }, { "reference_url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_id": "1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785", "reference_id": "2217785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785" }, { "reference_url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_id": "69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132", "reference_id": "83132", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132" }, { "reference_url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf", "reference_id": "GHSA-4g8v-vg43-wpgf", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7851", "reference_id": "RHSA-2023:7851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381693?format=api", "purl": "pkg:gem/actionpack@6.1.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381694?format=api", "purl": "pkg:gem/actionpack@7.0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1" } ], "aliases": [ "CVE-2023-28362", "GHSA-4g8v-vg43-wpgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gd-uea5-u3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/739?format=api", "vulnerability_id": "VCID-hfz8-rhgw-hydt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90494", "scoring_system": "epss", "scoring_elements": "0.99628", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00" }, { "reference_url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752" }, { "reference_url": "https://www.exploit-db.com/exploits/40561", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40561" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "1034816", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/13", "reference_id": "13", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963", "reference_id": "1301963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html", "reference_id": "178044.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html", "reference_id": "178069.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html" }, { "reference_url": "https://www.exploit-db.com/exploits/40561/", "reference_id": "40561", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://www.exploit-db.com/exploits/40561/" }, { "reference_url": "http://www.securityfocus.com/bid/81801", "reference_id": "81801", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb", "reference_id": "CVE-2016-0752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", "reference_id": "CVE-2016-0752", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "dsa-3464", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "reference_id": "GHSA-xrr4-p6fq-hjg7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "JXcBnTtZEgAJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "msg00043.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "msg00053.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "RHSA-2016-0296.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12581?format=api", "purl": "pkg:gem/actionpack@3.2.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12576?format=api", "purl": "pkg:gem/actionpack@4.1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12607?format=api", "purl": "pkg:gem/actionpack@4.2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1" } ], "aliases": [ "CVE-2016-0752", "GHSA-xrr4-p6fq-hjg7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfz8-rhgw-hydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200439?format=api", "vulnerability_id": "VCID-j53k-283t-ebcw", "summary": "actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44764", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2694" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a" }, { "reference_url": "https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=831581", "reference_id": "831581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831581" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2694", "reference_id": "CVE-2012-2694", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2694" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml", "reference_id": "CVE-2012-2694.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q34c-48gc-m9g8", "reference_id": "GHSA-q34c-48gc-m9g8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q34c-48gc-m9g8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12970?format=api", "purl": "pkg:gem/actionpack@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/12979?format=api", "purl": "pkg:gem/actionpack@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/12963?format=api", "purl": "pkg:gem/actionpack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6" } ], "aliases": [ "CVE-2012-2694", "GHSA-q34c-48gc-m9g8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j53k-283t-ebcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204972?format=api", "vulnerability_id": "VCID-jyvd-yu2u-rucu", "summary": "Untrusted users can run pending migrations in production in Rails", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.72046", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185" }, { "reference_url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0" }, { "reference_url": "https://hackerone.com/reports/899069", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/899069" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380", "reference_id": "1852380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081", "reference_id": "964081", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185", "reference_id": "CVE-2020-8185", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml", "reference_id": "CVE-2020-8185.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml" }, { "reference_url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc", "reference_id": "GHSA-c6qr-h5vq-59jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16687?format=api", "purl": "pkg:gem/actionpack@6.0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2" } ], "aliases": [ "CVE-2020-8185", "GHSA-c6qr-h5vq-59jc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyvd-yu2u-rucu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200094?format=api", "vulnerability_id": "VCID-khe5-s558-gybb", "summary": "actionpack Cross-site Scripting vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46738", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/404", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/404" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM" }, { "reference_url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914", "reference_id": "1036914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416", "reference_id": "CVE-2013-6416", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml", "reference_id": "CVE-2013-6416.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml" }, { "reference_url": "https://github.com/advisories/GHSA-w37c-q653-qg95", "reference_id": "GHSA-w37c-q653-qg95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w37c-q653-qg95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12696?format=api", "purl": "pkg:gem/actionpack@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/12778?format=api", "purl": "pkg:gem/actionpack@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4svc-v1pz-x3ab" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/12642?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6416", "GHSA-w37c-q653-qg95", "OSV-100526" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khe5-s558-gybb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11771?format=api", "vulnerability_id": "VCID-kkxa-423m-vqbt", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75352", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982", "reference_id": "1016982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296", "reference_id": "2080296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777", "reference_id": "CVE-2022-27777", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml", "reference_id": "CVE-2022-27777.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv", "reference_id": "GHSA-ch3h-j2vf-95pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20320?format=api", "purl": "pkg:gem/actionpack@5.2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20317?format=api", "purl": "pkg:gem/actionpack@6.0.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/20322?format=api", "purl": "pkg:gem/actionpack@6.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20325?format=api", "purl": "pkg:gem/actionpack@7.0.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g5uw-9j6g-cyb6" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4" } ], "aliases": [ "CVE-2022-27777", "GHSA-ch3h-j2vf-95pv", "GMS-2022-1138" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8770?format=api", "vulnerability_id": "VCID-kqsm-qvtq-4kc6", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91913", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "reference_url": "https://hackerone.com/reports/292797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/292797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634", "reference_id": "1842634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164", "reference_id": "CVE-2020-8164", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml", "reference_id": "CVE-2020-8164.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8727-m6gj-mc37", "reference_id": "GHSA-8727-m6gj-mc37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8727-m6gj-mc37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16529?format=api", "purl": "pkg:gem/actionpack@5.2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/16532?format=api", "purl": "pkg:gem/actionpack@6.0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-171r-59fd-2bbj" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3e1p-t61q-xfft" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-4j57-xdw3-a7em" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fhjg-crvh-myhd" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-m1pe-q2r4-zfap" }, { "vulnerability": "VCID-mepe-vuu9-g3gd" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-tnty-pw45-4ug3" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-uzrf-6puc-kygc" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1" } ], "aliases": [ "CVE-2020-8164", "GHSA-8727-m6gj-mc37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107870?format=api", "vulnerability_id": "VCID-m75c-mpmd-93c5", "summary": "security update", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72778", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/401" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922", "reference_id": "1036922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4491", "reference_id": "CVE-2013-4491", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4491" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml", "reference_id": "CVE-2013-4491.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml" }, { "reference_url": "https://github.com/advisories/GHSA-699m-mcjm-9cw8", "reference_id": "GHSA-699m-mcjm-9cw8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-699m-mcjm-9cw8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12719?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/12642?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-4491", "GHSA-699m-mcjm-9cw8", "OSV-100528" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m75c-mpmd-93c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107874?format=api", "vulnerability_id": "VCID-mgr2-ph7w-4qgy", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66936", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/403", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/403" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409", "reference_id": "1036409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417", "reference_id": "CVE-2013-6417", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6417", "reference_id": "CVE-2013-6417", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6417" }, { "reference_url": "https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417", "reference_id": "CVE-2013-6417", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml", "reference_id": "CVE-2013-6417.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml" }, { "reference_url": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r", "reference_id": "GHSA-wpw7-wxjm-cw8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0469", "reference_id": "RHSA-2014:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0469" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12719?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/12642?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6417", "GHSA-wpw7-wxjm-cw8r", "OSV-100527" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgr2-ph7w-4qgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107872?format=api", "vulnerability_id": "VCID-mjpw-b5bt-9qgm", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98722", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/400", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/400" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg" }, { "reference_url": "https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483", "reference_id": "1036483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6414", "reference_id": "CVE-2013-6414", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6414" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6414", "reference_id": "CVE-2013-6414", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6414" }, { "reference_url": "https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414", "reference_id": "CVE-2013-6414", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml", "reference_id": "CVE-2013-6414.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml" }, { "reference_url": "https://github.com/advisories/GHSA-mpxf-gcw2-pw5q", "reference_id": "GHSA-mpxf-gcw2-pw5q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpxf-gcw2-pw5q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12719?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/12642?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6414", "GHSA-mpxf-gcw2-pw5q", "OSV-100525" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjpw-b5bt-9qgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200380?format=api", "vulnerability_id": "VCID-n2av-wp5y-aud3", "summary": "actionpack Improper Authentication vulnerability", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711", "reference_id": "843711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424", "reference_id": "CVE-2012-3424", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424" }, { "reference_url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj", "reference_id": "GHSA-92w9-2pqw-rhjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12956?format=api", "purl": "pkg:gem/actionpack@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/397720?format=api", "purl": "pkg:gem/actionpack@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12975?format=api", "purl": "pkg:gem/actionpack@3.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/397841?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12924?format=api", "purl": "pkg:gem/actionpack@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7" } ], "aliases": [ "CVE-2012-3424", "GHSA-92w9-2pqw-rhjj", "OSV-84243" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2av-wp5y-aud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178541?format=api", "vulnerability_id": "VCID-ndgd-kzmk-7fab", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931" }, { "reference_url": "http://secunia.com/advisories/45921", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45921" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931", "reference_id": "CVE-2011-2931", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml", "reference_id": "CVE-2011-2931.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml" }, { "reference_url": "https://github.com/advisories/GHSA-v5jg-558j-q67c", "reference_id": "GHSA-v5jg-558j-q67c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5jg-558j-q67c" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2931", "GHSA-v5jg-558j-q67c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgd-kzmk-7fab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200121?format=api", "vulnerability_id": "VCID-p1c8-u135-k7h6", "summary": "actionpack Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56495", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463" }, { "reference_url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196", "reference_id": "847196", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463", "reference_id": "CVE-2012-3463", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463" }, { "reference_url": "https://github.com/advisories/GHSA-98mf-8f57-64qf", "reference_id": "GHSA-98mf-8f57-64qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98mf-8f57-64qf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12825?format=api", "purl": "pkg:gem/actionpack@3.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/397720?format=api", "purl": "pkg:gem/actionpack@3.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12813?format=api", "purl": "pkg:gem/actionpack@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/397841?format=api", "purl": "pkg:gem/actionpack@3.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-mw4w-k3vk-y7gr" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12779?format=api", "purl": "pkg:gem/actionpack@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8" } ], "aliases": [ "CVE-2012-3463", "GHSA-98mf-8f57-64qf", "OSV-84515" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1c8-u135-k7h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18955?format=api", "vulnerability_id": "VCID-q148-xawj-bkeu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.75028", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241206-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241206-0002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705", "reference_id": "1072705", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290530", "reference_id": "2290530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290530" }, { "reference_url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523", "reference_id": "35858f1d9d57f6c4050a8d9ab754bd5d088b4523", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/" } ], "url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28103", "reference_id": "CVE-2024-28103", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28103" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml", "reference_id": "CVE-2024-28103.YML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-88qx-h9g7", "reference_id": "GHSA-fwhr-88qx-h9g7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwhr-88qx-h9g7" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7", "reference_id": "GHSA-fwhr-88qx-h9g7", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31925?format=api", "purl": "pkg:gem/actionpack@6.1.7.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/529701?format=api", "purl": "pkg:gem/actionpack@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31928?format=api", "purl": "pkg:gem/actionpack@7.0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/720801?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31924?format=api", "purl": "pkg:gem/actionpack@7.1.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31927?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta2" } ], "aliases": [ "CVE-2024-28103", "GHSA-fwhr-88qx-h9g7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q148-xawj-bkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183409?format=api", "vulnerability_id": "VCID-ryyh-3t4j-hygv", "summary": "Multiple vulnerabilities have been discovered in Rails, the worst of which\n leading to the execution of arbitrary SQL statements.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.82318", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/36717", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36717" }, { "reference_url": "http://securitytracker.com/id?1022824", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1022824" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2009/dsa-1887" }, { "reference_url": "http://www.osvdb.org/57666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/57666" }, { "reference_url": "http://www.securityfocus.com/bid/36278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/36278" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843", "reference_id": "520843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009", "reference_id": "CVE-2009-3009", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml", "reference_id": "CVE-2009-3009.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf", "reference_id": "GHSA-8qrh-h9m2-5fvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [], "aliases": [ "CVE-2009-3009", "GHSA-8qrh-h9m2-5fvf", "OSV-57666" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryyh-3t4j-hygv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178538?format=api", "vulnerability_id": "VCID-sx3a-wftd-rufh", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68574", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0449" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025061", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025061" }, { "reference_url": "https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b" }, { "reference_url": "https://github.com/rails/rails/tree/main/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/actionpack" }, { "reference_url": "https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0449", "reference_id": "CVE-2011-0449", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0449" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml", "reference_id": "CVE-2011-0449.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml" }, { "reference_url": "https://github.com/advisories/GHSA-4ww3-3rxj-8v6q", "reference_id": "GHSA-4ww3-3rxj-8v6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4ww3-3rxj-8v6q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0449", "GHSA-4ww3-3rxj-8v6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sx3a-wftd-rufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28206?format=api", "vulnerability_id": "VCID-us61-ajgq-5uaa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552", "reference_id": "2450552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552" }, { "reference_url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0", "reference_id": "6752711c8c31d79ba50d13af6a6698a3b85415e0", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0" }, { "reference_url": "https://github.com/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "GHSA-pgm4-439c-5jp6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pgm4-439c-5jp6" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "GHSA-pgm4-439c-5jp6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "v8.1.2.1", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374620?format=api", "purl": "pkg:gem/actionpack@8.1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1" } ], "aliases": [ "CVE-2026-33167", "GHSA-pgm4-439c-5jp6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us61-ajgq-5uaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178550?format=api", "vulnerability_id": "VCID-v1py-zs44-n7cz", "summary": "Multiple vulnerabilities were found in Ruby on Rails, the worst of\n which allowing for execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67902", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1855", "reference_id": "CVE-2013-1855", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1855" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855", "reference_id": "CVE-2013-1855", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml", "reference_id": "CVE-2013-1855.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg", "reference_id": "GHSA-q759-hwvc-m3jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12798?format=api", "purl": "pkg:gem/actionpack@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/12828?format=api", "purl": "pkg:gem/actionpack@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13" } ], "aliases": [ "CVE-2013-1855", "GHSA-q759-hwvc-m3jg", "OSV-91452" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1py-zs44-n7cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199836?format=api", "vulnerability_id": "VCID-vczd-qydk-1bhj", "summary": "Directory traversal vulnerability in actionpack", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50258", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk" }, { "reference_url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183" }, { "reference_url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659", "reference_id": "1164659", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829", "reference_id": "CVE-2014-7829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "CVE-2014-7829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml", "reference_id": "CVE-2014-7829.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw", "reference_id": "GHSA-h56m-vwxc-3qpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12638?format=api", "purl": "pkg:gem/actionpack@3.2.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/388291?format=api", "purl": "pkg:gem/actionpack@4.0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12650?format=api", "purl": "pkg:gem/actionpack@4.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/402883?format=api", "purl": "pkg:gem/actionpack@4.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/388292?format=api", "purl": "pkg:gem/actionpack@4.1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12700?format=api", "purl": "pkg:gem/actionpack@4.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/12658?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12659?format=api", "purl": "pkg:gem/actionpack@4.2.0.beta4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4" } ], "aliases": [ "CVE-2014-7829", "GHSA-h56m-vwxc-3qpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vczd-qydk-1bhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107873?format=api", "vulnerability_id": "VCID-xz21-jbef-9qf9", "summary": "security update", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81576", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/402", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/402" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0" }, { "reference_url": "https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036910", "reference_id": "1036910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036910" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6415", "reference_id": "CVE-2013-6415", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6415" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6415", "reference_id": "CVE-2013-6415", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6415" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml", "reference_id": "CVE-2013-6415.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6h5q-96hp-9jgm", "reference_id": "GHSA-6h5q-96hp-9jgm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6h5q-96hp-9jgm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12719?format=api", "purl": "pkg:gem/actionpack@3.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/12642?format=api", "purl": "pkg:gem/actionpack@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-qz2f-jse8-9bhj" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2" } ], "aliases": [ "CVE-2013-6415", "GHSA-6h5q-96hp-9jgm", "OSV-100524" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz21-jbef-9qf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200384?format=api", "vulnerability_id": "VCID-y17b-pzkn-j3c4", "summary": "rails Cross-site Scripting vulnerability", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/09/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/13/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/13/9" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63707", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197" }, { "reference_url": "http://secunia.com/advisories/44789", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44789" }, { "reference_url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd" }, { "reference_url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da" }, { "reference_url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197", "reference_id": "CVE-2011-2197", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml", "reference_id": "CVE-2011-2197.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml" }, { "reference_url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73", "reference_id": "GHSA-v9v4-7jp6-8c73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73" } ], "fixed_packages": [], "aliases": [ "CVE-2011-2197", "GHSA-v9v4-7jp6-8c73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y17b-pzkn-j3c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20938?format=api", "vulnerability_id": "VCID-zbyh-ajmd-tybh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50971", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034", "reference_id": "2319034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034" }, { "reference_url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049", "reference_id": "56b2fc3302836405b496e196a8d5fc0195e55049", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049" }, { "reference_url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a", "reference_id": "7c1398854d51f9bb193fb79f226647351133d08a", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a" }, { "reference_url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_id": "8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887", "reference_id": "CVE-2024-47887", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml", "reference_id": "CVE-2024-47887.YML", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml" }, { "reference_url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_id": "f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2" }, { "reference_url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33871?format=api", "purl": "pkg:gem/actionpack@6.1.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/529701?format=api", "purl": "pkg:gem/actionpack@7.0.0.alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33875?format=api", "purl": "pkg:gem/actionpack@7.0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/720801?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33872?format=api", "purl": "pkg:gem/actionpack@7.1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31926?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33874?format=api", "purl": "pkg:gem/actionpack@7.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/753522?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" } ], "aliases": [ "CVE-2024-47887", "GHSA-vfg9-r3fq-jvx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbyh-ajmd-tybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200445?format=api", "vulnerability_id": "VCID-ztpa-6u8j-zbbp", "summary": "actionpack Improper Input Validation vulnerability", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08484", "scoring_system": "epss", "scoring_elements": "0.92547", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3187" }, { "reference_url": "https://bugzilla.novell.com/show_bug.cgi?id=673010", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=673010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html" }, { "reference_url": "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3187", "reference_id": "CVE-2011-3187", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3187" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb", "reference_id": "CVE-2011-3187;OSVDB-73733", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb" }, { "reference_url": "https://www.securityfocus.com/bid/46423/info", "reference_id": "CVE-2011-3187;OSVDB-73733", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/46423/info" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml", "reference_id": "CVE-2011-3187.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3vfw-7rcp-3xgm", "reference_id": "GHSA-3vfw-7rcp-3xgm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vfw-7rcp-3xgm" } ], "fixed_packages": [], "aliases": [ "CVE-2011-3187", "GHSA-3vfw-7rcp-3xgm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztpa-6u8j-zbbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31082?format=api", "vulnerability_id": "VCID-zxy2-w4m6-tucw", "summary": "Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40739", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250306-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250306-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755", "reference_id": "1089755", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619", "reference_id": "2331619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619" }, { "reference_url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_id": "2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49" }, { "reference_url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a", "reference_id": "3da2479cfe1e00177114b17e496213c40d286b3a", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a" }, { "reference_url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_id": "5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542" }, { "reference_url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_id": "cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d" }, { "reference_url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372304?format=api", "purl": "pkg:gem/actionpack@7.0.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/720801?format=api", "purl": "pkg:gem/actionpack@7.1.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372305?format=api", "purl": "pkg:gem/actionpack@7.1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31926?format=api", "purl": "pkg:gem/actionpack@7.2.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372306?format=api", "purl": "pkg:gem/actionpack@7.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/753522?format=api", "purl": "pkg:gem/actionpack@8.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372307?format=api", "purl": "pkg:gem/actionpack@8.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-us61-ajgq-5uaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1" } ], "aliases": [ "CVE-2024-54133", "GHSA-vfm5-rmrh-j26v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxy2-w4m6-tucw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/200350?format=api", "vulnerability_id": "VCID-72jm-58dq-mub5", "summary": "Action Pack contains database-query restrictions bypass", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36637", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2660" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b" }, { "reference_url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml" }, { "reference_url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353", "reference_id": "827353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660", "reference_id": "CVE-2012-2660", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2660" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml", "reference_id": "CVE-2012-2660.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf", "reference_id": "GHSA-hgpp-pp89-4fgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpp-pp89-4fgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12870?format=api", "purl": "pkg:gem/actionpack@2.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/12909?format=api", "purl": "pkg:gem/actionpack@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/12971?format=api", "purl": "pkg:gem/actionpack@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/12937?format=api", "purl": "pkg:gem/actionpack@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a29-4ncr-bbgm" }, { "vulnerability": "VCID-2529-ucg8-dkgy" }, { "vulnerability": "VCID-2s57-9frf-4qhk" }, { "vulnerability": "VCID-2uka-fwza-dyfc" }, { "vulnerability": "VCID-3k19-3heq-dufq" }, { "vulnerability": "VCID-56hv-j97k-w3dr" }, { "vulnerability": "VCID-58mv-ca6x-ruh8" }, { "vulnerability": "VCID-5932-9sn8-jqbf" }, { "vulnerability": "VCID-5r3f-m1fv-f7bp" }, { "vulnerability": "VCID-6hkq-y2fb-skgq" }, { "vulnerability": "VCID-6rc5-9gn7-tbbv" }, { "vulnerability": "VCID-72jm-58dq-mub5" }, { "vulnerability": "VCID-7b9s-j981-audq" }, { "vulnerability": "VCID-9cgs-zd4y-2qdz" }, { "vulnerability": "VCID-a6dm-ywkf-wkgh" }, { "vulnerability": "VCID-akcz-6jhs-7bdq" }, { "vulnerability": "VCID-ayfj-arqs-5khk" }, { "vulnerability": "VCID-bn9m-pqu3-bffj" }, { "vulnerability": "VCID-cab4-yeek-cfcw" }, { "vulnerability": "VCID-d7kf-83av-dkes" }, { "vulnerability": "VCID-en5b-axpg-eud2" }, { "vulnerability": "VCID-f5mb-arn4-skau" }, { "vulnerability": "VCID-fnx8-28wd-qqgx" }, { "vulnerability": "VCID-g6pk-2xpv-rugw" }, { "vulnerability": "VCID-gyq7-xde5-sfea" }, { "vulnerability": "VCID-h6gd-uea5-u3bp" }, { "vulnerability": "VCID-hfz8-rhgw-hydt" }, { "vulnerability": "VCID-j53k-283t-ebcw" }, { "vulnerability": "VCID-jyvd-yu2u-rucu" }, { "vulnerability": "VCID-khe5-s558-gybb" }, { "vulnerability": "VCID-kkxa-423m-vqbt" }, { "vulnerability": "VCID-kqsm-qvtq-4kc6" }, { "vulnerability": "VCID-m75c-mpmd-93c5" }, { "vulnerability": "VCID-mgr2-ph7w-4qgy" }, { "vulnerability": "VCID-mjpw-b5bt-9qgm" }, { "vulnerability": "VCID-n2av-wp5y-aud3" }, { "vulnerability": "VCID-ndgd-kzmk-7fab" }, { "vulnerability": "VCID-p1c8-u135-k7h6" }, { "vulnerability": "VCID-q148-xawj-bkeu" }, { "vulnerability": "VCID-ryyh-3t4j-hygv" }, { "vulnerability": "VCID-sx3a-wftd-rufh" }, { "vulnerability": "VCID-tp7w-62cp-2yhr" }, { "vulnerability": "VCID-us61-ajgq-5uaa" }, { "vulnerability": "VCID-v1py-zs44-n7cz" }, { "vulnerability": "VCID-vczd-qydk-1bhj" }, { "vulnerability": "VCID-xz21-jbef-9qf9" }, { "vulnerability": "VCID-y17b-pzkn-j3c4" }, { "vulnerability": "VCID-zbyh-ajmd-tybh" }, { "vulnerability": "VCID-ztpa-6u8j-zbbp" }, { "vulnerability": "VCID-zxy2-w4m6-tucw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4" } ], "aliases": [ "CVE-2012-2660", "GHSA-hgpp-pp89-4fgf", "OSV-82610" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72jm-58dq-mub5" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13" }