{"url":"http://public2.vulnerablecode.io/api/packages/130770?format=json","purl":"pkg:gem/actionpack@3.1","type":"gem","namespace":"","name":"actionpack","version":"3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.1.2.1","latest_non_vulnerable_version":"8.1.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6720?format=json","vulnerability_id":"VCID-1rgy-k7a9-m7au","summary":"XSS via posted select tag options\nRuby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.j
son","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1099","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60804","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60704","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.6069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60703","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60694","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60651","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60716","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60541","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60705","publish
ed_at":"2026-04-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60691","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60671","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60713","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60719","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799276","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099"},{"reference_url":"https://github.com/advisories/GHSA-2xjj-5x6h-8vmf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xjj-5x6h-8vmf"},{"reference_url":"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1099","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1099"},{"reference_url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"},{"reference_url":"http://www.debian.org/security/2012/dsa-2466","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2466"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/02/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/03/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/03/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20047?format=json","purl":"pkg:gem/actionpack@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID
-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/131401?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerabil
ity":"VCID-1rgy-k7a9-m7au"},{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerabil
ity":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/20048?format=json","purl":"pkg:gem/actionpack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"v
ulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2"}],"aliases":["CVE-2012-1099","GHSA-2xjj-5x6h-8vmf","OSV-79727"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8415?format=json","vulnerability_id":"VCID-awt1-8bxs-xffs","summary":"actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` \nmethod.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76951","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76849","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76879","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76896","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76884","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76901","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76714","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76718","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76746","published_at":"2026-04-
04T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76799","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76812","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7684","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76847","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.co
m/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711","reference_id":"843711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424","reference_id":"CVE-2012-3424","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424"},{"reference_url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj","reference_id":"GHSA-92w9-2pqw-rhjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25108?format=json","purl":"pkg:gem/actionpack@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VC
ID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/131401?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rgy-k7a9-m7au"},{"vulnerab
ility":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerab
ility":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/25109?format=json","purl":"pkg:gem/actionpack@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{
"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7"}],"aliases":["CVE-2012-3424","GHSA-92w9-2pqw-rhjj","OSV-84243"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6742?format=json","vulnerability_id":"VCID-c1w4-z275-tqg7","summary":"Ruby on Rails Potential XSS Vulnerability in select_tag prompt\nWhen a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. 
If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56101","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56066","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56019","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56068","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56128","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56078","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements"
:"0.56166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463"},{"reference_url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1","refe
rence_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196","reference_id":"847196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196"},{"reference_url":"https://github.com/advisories/GHSA-98mf-8f57-64qf","reference_id":"GHSA-98mf-8f57-64qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98mf-8f57-64qf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20085?format=json","purl":"pkg:gem/actionpack@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":
[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnera
blecode.io/packages/pkg:gem/actionpack@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/131401?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rgy-k7a9-m7au"},{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-t
f63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/20086?format=json","purl":"pkg:gem/actionpack@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VC
ID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8"}],"aliases":["CVE-2012-3463","GHSA-98mf-8f57-64qf","OSV-84515"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6765?format=json","vulnerability_id":"VCID-carc-ntrd-ebfe","summary":"Multiple vulnerabilities in parameter parsing in Action Pack\nThere are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails 
application.","references":[{"reference_url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99701","published_at":"2026-05-09T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99699","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99698","published_at":"2026-04-24T12:55:00Z"},{"value":"0.91907","scoring
_system":"epss","scoring_elements":"0.99697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99689","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99704","published_at":"2026-05-14T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99702","published_at":"2026-05-12T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.9969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99694","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99693","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156"},{"reference_url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgrou
ps=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156"},{"reference_url":"https://puppet.com/security/cve/cve-2013-0156","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/cve-2013-0156"},{"reference_url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156","reference_id":"","
reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2604","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2604"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.insinuator.net/2013/01/rails-yaml"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml/","reference_id":"","reference_type":"","scores":[],"url":"http://www.insinuator.net/2013/01/rails-yaml/"},{"reference_url":"http://www.kb.cert.org/vuls/id/380039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/380039"},{"reference_url":
"http://www.kb.cert.org/vuls/id/628463","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/628463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722","reference_id":"697722","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=892870","reference_id":"892870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=892870"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","sc
ores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/","reference_id":"CVE-2013-0156","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb"},{"reference_url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg","reference_id":"GHSA-jmgw-6vjg-jjwg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0153","reference_id":"RHSA-2013:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/
RHSA-2013:0155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20158?format=json","purl":"pkg:gem/actionpack@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vu
lnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/131401?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rgy-k7a9-m7au"},{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-
f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/20159?format=json","purl":"pkg:gem/actionpack@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-
knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11"}],"aliases":["CVE-2013-0156","GHSA-jmgw-6vjg-jjwg","OSV-89026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-carc-ntrd-ebfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8413?format=json","vulnerability_id":"VCID-cwa7-9d2t-rfhb","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML 
markup.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56101","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56066","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56019","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56068","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56128","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56078","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring
_elements":"0.56166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77"},{"reference_url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[
{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200","reference_id":"847200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465","reference_id":"CVE-2012-3465","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465"},{"reference_url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5","reference_id":"GHSA-7g65-ghrg-hpf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20085?format=json","purl":"pkg:gem/actionpack@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"
},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/131401?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rgy-
k7a9-m7au"},{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-
j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/20086?format=json","purl":"pkg:gem/actionpack@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"V
CID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8"}],"aliases":["CVE-2012-3465","GHSA-7g65-ghrg-hpf5","OSV-84513"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8427?format=json","vulnerability_id":"VCID-hmp2-rmzv-wkhg","summary":"Improper Input Validation\nThe template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping 
vulnerability.\"","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74448","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74301","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74282","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74274","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74311","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.7432","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74312","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74
345","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74353","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.7435","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74379","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74404","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74369","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74392","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74228","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74265","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.7428","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c1
07a9552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml"},{"reference_url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","refer
ence_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929","reference_id":"CVE-2011-2929","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929"},{"reference_url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q","reference_id":"GHSA-r7q2-5gqg-6c7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-2929","GHSA-r7q2-5gqg-6c7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmp2-rmzv-wkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6734?format=json","vulnerability_id":"VCID-phxs-zet8-ryh3","summary":"SQL Injection\nRuby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. 
This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.
redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52819","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52792","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52741","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52712","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52656","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52709","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52752","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52718","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52734","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52751","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52745","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00294","scorin
g_system":"epss","scoring_elements":"0.52796","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52801","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b"},{"reference_url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml"},{"reference_url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain","reference_id":"","reference_type":"","score
s":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353","reference_id":"827353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660","reference_id":"CVE-2012-2660","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml"},{"reference_url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf","reference_id":"GHSA-hgpp-pp89-4fgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","re
ference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25165?format=json","purl":"pkg:gem/actionpack@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17f
w"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/25166?format=json","purl":"pkg:gem/actionpack@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmz
v-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4"}],"aliases":["CVE-2012-2660","GHSA-hgpp-pp89-4fgf","OSV-82610"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phxs-zet8-ryh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6712?format=json","vulnerability_id":"VCID-rps2-k24p-9qgq","summary":"Translate helper method which may allow an attacker to insert arbitrary code into a page\nThe helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. 
It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain"},{"reference_url":"http://openwall.com/lists/oss-security/2011/11/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/11/18/8"},{"reference_url":"http://osvdb.org/77199","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/77199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69867","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69677","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69718","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69727","p
ublished_at":"2026-04-18T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69759","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69768","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69774","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69747","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69791","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69822","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69818","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69607","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69615","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69666","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69684","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69705","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.6969","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319"},{"reference_ur
l":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU"},{"reference_url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722"},{"reference_url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released"},{"reference_url":"http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/50722"},{"reference_url":"http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1026342"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=755004","reference_id":"755004","reference_type":"","scores":[],"url":"https
://bugzilla.redhat.com/show_bug.cgi?id=755004"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319","reference_id":"CVE-2011-4319","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319"},{"reference_url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc","reference_id":"GHSA-xxr8-833v-c7wc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20024?format=json","purl":"pkg:gem/actionpack@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rgy-k7a9-m7au"},{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"
vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2"}],"aliases":["CVE-2011-4319","GHSA-xxr8-833v-c7wc","OSV-77199"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rps2-k24p-9qgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8450?format=json","vulnerability_id":"VCID-tt6r-bytq-4fa4","summary":"actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to 
CVE-2012-2660.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-
2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44498","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44488","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44365","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44441","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44459","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44395","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44684","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44701","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4467","published_at":"2026-04-12T12:55:00Z"}
,{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44671","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4465","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a"},{"reference_url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x
0hLH-o0-IJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831581","reference_id":"831581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831581"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694","reference_id":"CVE-2012-2694","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml","reference_id":"CVE-2012-2694.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml"},{"reference_url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8","reference_id":"GHSA-q34c-48gc-m9g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25183?format=json","purl":"pkg:gem/actionpack@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"v
ulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/25184?format=json","purl":"pkg:gem/actionpack@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xgz-hwng-n3eq"
},{"vulnerability":"VCID-333w-aacz-mfcr"},{"vulnerability":"VCID-35rt-t6e1-pfa6"},{"vulnerability":"VCID-3wtf-uu89-2qe5"},{"vulnerability":"VCID-3x4p-t3yb-3yak"},{"vulnerability":"VCID-3zdr-vasc-a7cn"},{"vulnerability":"VCID-42dz-pxpv-qff3"},{"vulnerability":"VCID-49pq-vg95-jkh2"},{"vulnerability":"VCID-4epw-vk25-mfdw"},{"vulnerability":"VCID-4he5-y1u4-gkd2"},{"vulnerability":"VCID-5hqj-fxmk-cbcy"},{"vulnerability":"VCID-63gy-6njy-kbd8"},{"vulnerability":"VCID-6j55-bstz-yybj"},{"vulnerability":"VCID-7f5r-9h1g-nuch"},{"vulnerability":"VCID-86jq-2md2-d7ah"},{"vulnerability":"VCID-9hq5-3usy-5fhq"},{"vulnerability":"VCID-a6sp-18av-wya6"},{"vulnerability":"VCID-awt1-8bxs-xffs"},{"vulnerability":"VCID-bjwf-uhyk-63aj"},{"vulnerability":"VCID-c1w4-z275-tqg7"},{"vulnerability":"VCID-carc-ntrd-ebfe"},{"vulnerability":"VCID-cdnw-t8n1-23ep"},{"vulnerability":"VCID-cnqr-6e98-5kgk"},{"vulnerability":"VCID-cwa7-9d2t-rfhb"},{"vulnerability":"VCID-dd9p-x7k3-37ea"},{"vulnerability":"VCID-ehbj-aezy-d7h4"},{"vulnerability":"VCID-g3rk-djae-pkeh"},{"vulnerability":"VCID-h8gs-ansa-9bd9"},{"vulnerability":"VCID-h94p-ywve-y7h9"},{"vulnerability":"VCID-hmp2-rmzv-wkhg"},{"vulnerability":"VCID-hppf-a715-r7b2"},{"vulnerability":"VCID-j24x-nhsb-yug6"},{"vulnerability":"VCID-kcj2-v7av-47cv"},{"vulnerability":"VCID-knsd-pv15-tydx"},{"vulnerability":"VCID-mep3-6sub-ykdk"},{"vulnerability":"VCID-mnkw-23eu-bkgc"},{"vulnerability":"VCID-msda-xqbp-qfdd"},{"vulnerability":"VCID-n8cc-3stk-97b5"},{"vulnerability":"VCID-nf8s-2aaa-17fw"},{"vulnerability":"VCID-p5mc-r1rg-5ff7"},{"vulnerability":"VCID-pd5s-1xsg-f7a5"},{"vulnerability":"VCID-phxs-zet8-ryh3"},{"vulnerability":"VCID-pmrb-t3bm-zkb6"},{"vulnerability":"VCID-rps2-k24p-9qgq"},{"vulnerability":"VCID-s5ah-tf63-a7cw"},{"vulnerability":"VCID-sfyc-jewr-wuf5"},{"vulnerability":"VCID-sgdb-985e-4uej"},{"vulnerability":"VCID-tt6r-bytq-4fa4"},{"vulnerability":"VCID-v3r3-bwp5-a3bn"},{"vulnerability":"VCID-vgm2-8wjy-x7ed"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"
},{"vulnerability":"VCID-y8gn-9fat-e7d1"},{"vulnerability":"VCID-ynqu-cjn9-fqf2"},{"vulnerability":"VCID-z1jv-4ga2-7kd1"},{"vulnerability":"VCID-zkvd-bfd6-t7dg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6"}],"aliases":["CVE-2012-2694","GHSA-q34c-48gc-m9g8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6r-bytq-4fa4"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1"}