{"url":"http://public2.vulnerablecode.io/api/packages/130761?format=json","purl":"pkg:gem/activesupport@3.1","type":"gem","namespace":"","name":"activesupport","version":"3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.2.3.1","latest_non_vulnerable_version":"8.1.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8409?format=json","vulnerability_id":"VCID-43f3-rxwm-fkgv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a \"UTF-8 escaping vulnerability.\"","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2932","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.7424","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74335","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74337","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74327","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74213","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74303","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74293","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74263","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74282","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.7426","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74214","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2932"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731435","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932"},{"reference_url":"http://secunia.com/advisories/45917","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45917"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2932","reference_id":"CVE-2011-2932","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2932"},{"reference_url":"https://github.com/advisories/GHSA-9fh3-vh3h-q4g3","reference_id":"GHSA-9fh3-vh3h-q4g3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fh3-vh3h-q4g3"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-2932","GHSA-9fh3-vh3h-q4g3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43f3-rxwm-fkgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8395?format=json","vulnerability_id":"VCID-hr2h-y693-sbgc","summary":"activesupport Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3464","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56066","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56001","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce"},{"reference_url":"https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23"},{"reference_url":"https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870"},{"reference_url":"https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc"},{"reference_url":"https://github.com/rails/rails/issues/7215","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/issues/7215"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847199","reference_id":"847199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847199"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3464","reference_id":"CVE-2012-3464","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3464"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml","reference_id":"CVE-2012-3464.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml"},{"reference_url":"https://github.com/advisories/GHSA-h835-75hw-pj89","reference_id":"GHSA-h835-75hw-pj89","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h835-75hw-pj89"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68283?format=json","purl":"pkg:gem/activesupport@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rxp-g9rz-4yb3"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-43f3-rxwm-fkgv"},{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-6ku5-mtgz-zygw"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-ca7u-t1y4-uuc7"},{"vulnerability":"VCID-ed3f-3bxh-eba4"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-t2cx-7ycd-tqhq"},{"vulnerability":"VCID-uudj-r63z-kban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/131355?format=json","purl":"pkg:gem/activesupport@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rxp-g9rz-4yb3"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-43f3-rxwm-fkgv"},{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-6ku5-mtgz-zygw"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-ca7u-t1y4-uuc7"},{"vulnerability":"VCID-ed3f-3bxh-eba4"},{"vulnerability":"VCID-hr2h-y693-sbgc"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-t2cx-7ycd-tqhq"},{"vulnerability":"VCID-uudj-r63z-kban"},{"vulnerability":"VCID-va9q-fjn6-yqee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/68284?format=json","purl":"pkg:gem/activesupport@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rxp-g9rz-4yb3"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-43f3-rxwm-fkgv"},{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-6ku5-mtgz-zygw"},{"vulnerability":"VCID-6r5v-h4kr-zqen"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-ca7u-t1y4-uuc7"},{"vulnerability":"VCID-ed3f-3bxh-eba4"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-t2cx-7ycd-tqhq"},{"vulnerability":"VCID-uudj-r63z-kban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.8"}],"aliases":["CVE-2012-3464","GHSA-h835-75hw-pj89","OSV-84516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hr2h-y693-sbgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6718?format=json","vulnerability_id":"VCID-va9q-fjn6-yqee","summary":"Direct Manipulation XSS\nRuby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1098","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59331","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59332","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59347","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59334","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59204","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59278","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59316","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59329","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59348","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799275","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098"},{"reference_url":"https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1098","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1098"},{"reference_url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/02/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/03/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/03/1"},{"reference_url":"https://github.com/advisories/GHSA-qv8p-v9qw-wc7g","reference_id":"GHSA-qv8p-v9qw-wc7g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qv8p-v9qw-wc7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20043?format=json","purl":"pkg:gem/activesupport@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rxp-g9rz-4yb3"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-43f3-rxwm-fkgv"},{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-6ku5-mtgz-zygw"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-ca7u-t1y4-uuc7"},{"vulnerability":"VCID-ed3f-3bxh-eba4"},{"vulnerability":"VCID-hr2h-y693-sbgc"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-t2cx-7ycd-tqhq"},{"vulnerability":"VCID-uudj-r63z-kban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/131355?format=json","purl":"pkg:gem/activesupport@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rxp-g9rz-4yb3"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-43f3-rxwm-fkgv"},{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-6ku5-mtgz-zygw"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-ca7u-t1y4-uuc7"},{"vulnerability":"VCID-ed3f-3bxh-eba4"},{"vulnerability":"VCID-hr2h-y693-sbgc"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-t2cx-7ycd-tqhq"},{"vulnerability":"VCID-uudj-r63z-kban"},{"vulnerability":"VCID-va9q-fjn6-yqee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/20044?format=json","purl":"pkg:gem/activesupport@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rxp-g9rz-4yb3"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-43f3-rxwm-fkgv"},{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-6ku5-mtgz-zygw"},{"vulnerability":"VCID-6r5v-h4kr-zqen"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-ca7u-t1y4-uuc7"},{"vulnerability":"VCID-ed3f-3bxh-eba4"},{"vulnerability":"VCID-hr2h-y693-sbgc"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-t2cx-7ycd-tqhq"},{"vulnerability":"VCID-uudj-r63z-kban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.2.2"}],"aliases":["CVE-2012-1098","GHSA-qv8p-v9qw-wc7g","OSV-79726"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-va9q-fjn6-yqee"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@3.1"}