Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rails@0.9.2
Typegem
Namespace
Namerails
Version0.9.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.1.7.7
Latest_non_vulnerable_version7.1.3.1
Affected_by_vulnerabilities
0
url VCID-2mcx-b9k2-83bh
vulnerability_id VCID-2mcx-b9k2-83bh
summary 
Ruby on Rails vulnerable to code injection
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
references
0
reference_url http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-4111
reference_id
reference_type
scores
0
value 0.03984
scoring_system epss
scoring_elements 0.88406
published_at 2026-04-13T12:55:00Z
1
value 0.03984
scoring_system epss
scoring_elements 0.88414
published_at 2026-04-11T12:55:00Z
2
value 0.03984
scoring_system epss
scoring_elements 0.88403
published_at 2026-04-09T12:55:00Z
3
value 0.03984
scoring_system epss
scoring_elements 0.88397
published_at 2026-04-08T12:55:00Z
4
value 0.03984
scoring_system epss
scoring_elements 0.8835
published_at 2026-04-01T12:55:00Z
5
value 0.03984
scoring_system epss
scoring_elements 0.88373
published_at 2026-04-04T12:55:00Z
6
value 0.03984
scoring_system epss
scoring_elements 0.88359
published_at 2026-04-02T12:55:00Z
7
value 0.03984
scoring_system epss
scoring_elements 0.88378
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-4111
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111
3
reference_url https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
6
reference_url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
7
reference_url http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
8
reference_url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
9
reference_url http://www.novell.com/linux/security/advisories/2006_21_sr.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2006_21_sr.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id 382255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2006-4111
reference_id CVE-2006-4111
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2006-4111
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
reference_id CVE-2006-4111.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
13
reference_url https://github.com/advisories/GHSA-rvpq-5xqx-pfpp
reference_id GHSA-rvpq-5xqx-pfpp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvpq-5xqx-pfpp
14
reference_url https://security.gentoo.org/glsa/200608-20
reference_id GLSA-200608-20
reference_type
scores
url https://security.gentoo.org/glsa/200608-20
fixed_packages
0
url pkg:gem/rails@1.1.6
purl pkg:gem/rails@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-9hvm-2hnk-hyev
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-nzeb-cy9e-tkax
17
vulnerability VCID-r1u7-1avr-fqbs
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-wgr4-rzk2-4yet
21
vulnerability VCID-wyqh-g8df-hkay
22
vulnerability VCID-xqzj-cww4-nbcy
23
vulnerability VCID-xxbb-7e3n-9yb3
24
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.1.6
aliases CVE-2006-4111, GHSA-rvpq-5xqx-pfpp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mcx-b9k2-83bh
1
url VCID-35rt-t6e1-pfa6
vulnerability_id VCID-35rt-t6e1-pfa6
summary 
Directory Traversal Vulnerability With Certain Route Configurations
The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server.
references
0
reference_url http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
1
reference_url http://osvdb.org/show/osvdb/106704
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/106704
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
3
reference_url https://access.redhat.com/errata/RHSA-2014:0510
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0510
4
reference_url https://access.redhat.com/errata/RHSA-2014:0816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0816
5
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0130
reference_id
reference_type
scores
0
value 0.45374
scoring_system epss
scoring_elements 0.97593
published_at 2026-04-07T12:55:00Z
1
value 0.45374
scoring_system epss
scoring_elements 0.97592
published_at 2026-04-04T12:55:00Z
2
value 0.45374
scoring_system epss
scoring_elements 0.97604
published_at 2026-04-11T12:55:00Z
3
value 0.45374
scoring_system epss
scoring_elements 0.97605
published_at 2026-04-12T12:55:00Z
4
value 0.45374
scoring_system epss
scoring_elements 0.97589
published_at 2026-04-02T12:55:00Z
5
value 0.45374
scoring_system epss
scoring_elements 0.97601
published_at 2026-04-09T12:55:00Z
6
value 0.45374
scoring_system epss
scoring_elements 0.97598
published_at 2026-04-08T12:55:00Z
7
value 0.45374
scoring_system epss
scoring_elements 0.97583
published_at 2026-04-01T12:55:00Z
8
value 0.45374
scoring_system epss
scoring_elements 0.97606
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0130
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1095105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1095105
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
14
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
15
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk
16
reference_url https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
17
reference_url https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
18
reference_url https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
19
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
20
reference_url http://www.securityfocus.com/bid/67244
reference_id 67244
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://www.securityfocus.com/bid/67244
21
reference_url https://access.redhat.com/security/cve/CVE-2014-0130
reference_id CVE-2014-0130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-0130
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0130
reference_id CVE-2014-0130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0130
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
reference_id CVE-2014-0130.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
24
reference_url https://github.com/advisories/GHSA-6x85-j5j2-27jx
reference_id GHSA-6x85-j5j2-27jx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6x85-j5j2-27jx
fixed_packages
0
url pkg:gem/rails@3.2.18
purl pkg:gem/rails@3.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-t684-yp58-hkg8
14
vulnerability VCID-wg3a-j2dp-ayh4
15
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.18
1
url pkg:gem/rails@4.0.5
purl pkg:gem/rails@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-pb5f-g4uc-r7fp
14
vulnerability VCID-s5ah-tf63-a7cw
15
vulnerability VCID-t684-yp58-hkg8
16
vulnerability VCID-v3r3-bwp5-a3bn
17
vulnerability VCID-wg3a-j2dp-ayh4
18
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.5
2
url pkg:gem/rails@4.1.1
purl pkg:gem/rails@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-pb5f-g4uc-r7fp
14
vulnerability VCID-s5ah-tf63-a7cw
15
vulnerability VCID-t684-yp58-hkg8
16
vulnerability VCID-v3r3-bwp5-a3bn
17
vulnerability VCID-wg3a-j2dp-ayh4
18
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.1
aliases CVE-2014-0130, GHSA-6x85-j5j2-27jx
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35rt-t6e1-pfa6
2
url VCID-3wtf-uu89-2qe5
vulnerability_id VCID-3wtf-uu89-2qe5
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
1
reference_url http://openwall.com/lists/oss-security/2014/02/18/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/02/18/8
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0215.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0215.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0306.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0306.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0081
reference_id
reference_type
scores
0
value 0.00885
scoring_system epss
scoring_elements 0.75435
published_at 2026-04-13T12:55:00Z
1
value 0.00885
scoring_system epss
scoring_elements 0.75378
published_at 2026-04-01T12:55:00Z
2
value 0.00885
scoring_system epss
scoring_elements 0.75382
published_at 2026-04-02T12:55:00Z
3
value 0.00885
scoring_system epss
scoring_elements 0.75415
published_at 2026-04-04T12:55:00Z
4
value 0.00885
scoring_system epss
scoring_elements 0.75394
published_at 2026-04-07T12:55:00Z
5
value 0.00885
scoring_system epss
scoring_elements 0.75438
published_at 2026-04-08T12:55:00Z
6
value 0.00885
scoring_system epss
scoring_elements 0.75447
published_at 2026-04-09T12:55:00Z
7
value 0.00885
scoring_system epss
scoring_elements 0.75467
published_at 2026-04-11T12:55:00Z
8
value 0.00885
scoring_system epss
scoring_elements 0.75446
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0081
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
13
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
14
reference_url https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
15
reference_url https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
16
reference_url https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065520
reference_id 1065520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1065520
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0081
reference_id CVE-2014-0081
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0081
19
reference_url https://github.com/advisories/GHSA-m46p-ggm5-5j83
reference_id GHSA-m46p-ggm5-5j83
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m46p-ggm5-5j83
20
reference_url https://access.redhat.com/errata/RHSA-2014:0215
reference_id RHSA-2014:0215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0215
21
reference_url https://access.redhat.com/errata/RHSA-2014:0306
reference_id RHSA-2014:0306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0306
fixed_packages
0
url pkg:gem/rails@3.2.17
purl pkg:gem/rails@3.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-63gy-6njy-kbd8
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-es1t-7196-4kbb
10
vulnerability VCID-g5q6-7uav-sqh1
11
vulnerability VCID-gsx2-9sc2-3fbr
12
vulnerability VCID-hppf-a715-r7b2
13
vulnerability VCID-mnkw-23eu-bkgc
14
vulnerability VCID-t684-yp58-hkg8
15
vulnerability VCID-wg3a-j2dp-ayh4
16
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.17
1
url pkg:gem/rails@4.0.3
purl pkg:gem/rails@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-63gy-6njy-kbd8
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-es1t-7196-4kbb
10
vulnerability VCID-g5q6-7uav-sqh1
11
vulnerability VCID-gsx2-9sc2-3fbr
12
vulnerability VCID-hppf-a715-r7b2
13
vulnerability VCID-mnkw-23eu-bkgc
14
vulnerability VCID-pb5f-g4uc-r7fp
15
vulnerability VCID-s5ah-tf63-a7cw
16
vulnerability VCID-t684-yp58-hkg8
17
vulnerability VCID-v3r3-bwp5-a3bn
18
vulnerability VCID-wg3a-j2dp-ayh4
19
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.3
2
url pkg:gem/rails@4.1.0.beta2
purl pkg:gem/rails@4.1.0.beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-pb5f-g4uc-r7fp
14
vulnerability VCID-s5ah-tf63-a7cw
15
vulnerability VCID-t684-yp58-hkg8
16
vulnerability VCID-v3r3-bwp5-a3bn
17
vulnerability VCID-wg3a-j2dp-ayh4
18
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0.beta2
3
url pkg:gem/rails@4.1.0
purl pkg:gem/rails@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-63gy-6njy-kbd8
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-es1t-7196-4kbb
10
vulnerability VCID-g5q6-7uav-sqh1
11
vulnerability VCID-gsx2-9sc2-3fbr
12
vulnerability VCID-hppf-a715-r7b2
13
vulnerability VCID-mnkw-23eu-bkgc
14
vulnerability VCID-pb5f-g4uc-r7fp
15
vulnerability VCID-s5ah-tf63-a7cw
16
vulnerability VCID-t684-yp58-hkg8
17
vulnerability VCID-v3r3-bwp5-a3bn
18
vulnerability VCID-wg3a-j2dp-ayh4
19
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0
aliases CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wtf-uu89-2qe5
3
url VCID-4zhj-en7h-3yaz
vulnerability_id VCID-4zhj-en7h-3yaz
summary 
Improper Authentication
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
references
0
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
1
reference_url http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2422
reference_id
reference_type
scores
0
value 0.00403
scoring_system epss
scoring_elements 0.60909
published_at 2026-04-09T12:55:00Z
1
value 0.00403
scoring_system epss
scoring_elements 0.60893
published_at 2026-04-08T12:55:00Z
2
value 0.00403
scoring_system epss
scoring_elements 0.60779
published_at 2026-04-01T12:55:00Z
3
value 0.00403
scoring_system epss
scoring_elements 0.60898
published_at 2026-04-13T12:55:00Z
4
value 0.00403
scoring_system epss
scoring_elements 0.60917
published_at 2026-04-12T12:55:00Z
5
value 0.00403
scoring_system epss
scoring_elements 0.60931
published_at 2026-04-11T12:55:00Z
6
value 0.00403
scoring_system epss
scoring_elements 0.60844
published_at 2026-04-07T12:55:00Z
7
value 0.00403
scoring_system epss
scoring_elements 0.6088
published_at 2026-04-04T12:55:00Z
8
value 0.00403
scoring_system epss
scoring_elements 0.60852
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2422
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422
5
reference_url http://secunia.com/advisories/35702
reference_id
reference_type
scores
url http://secunia.com/advisories/35702
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml
8
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
9
reference_url https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702
10
reference_url https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579
11
reference_url http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
12
reference_url http://www.securityfocus.com/bid/35579
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/35579
13
reference_url http://www.vupen.com/english/advisories/2009/1802
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/1802
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=509564
reference_id 509564
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=509564
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896
reference_id 535896
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-2422
reference_id CVE-2009-2422
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-2422
17
reference_url https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
reference_id GHSA-rxq3-gm4p-5fj4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
18
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@2.3.3
purl pkg:gem/rails@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-3zdr-vasc-a7cn
4
vulnerability VCID-49pq-vg95-jkh2
5
vulnerability VCID-7f5r-9h1g-nuch
6
vulnerability VCID-877d-u9ag-qqdr
7
vulnerability VCID-895a-ydc5-zfg6
8
vulnerability VCID-8dad-dvat-1fg4
9
vulnerability VCID-a6sp-18av-wya6
10
vulnerability VCID-c8b5-d83n-nuhw
11
vulnerability VCID-cnqr-6e98-5kgk
12
vulnerability VCID-es1t-7196-4kbb
13
vulnerability VCID-g5q6-7uav-sqh1
14
vulnerability VCID-gsx2-9sc2-3fbr
15
vulnerability VCID-hppf-a715-r7b2
16
vulnerability VCID-j24x-nhsb-yug6
17
vulnerability VCID-mnkw-23eu-bkgc
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-xxbb-7e3n-9yb3
21
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.3
aliases CVE-2009-2422, GHSA-rxq3-gm4p-5fj4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zhj-en7h-3yaz
4
url VCID-877d-u9ag-qqdr
vulnerability_id VCID-877d-u9ag-qqdr
summary 
Rails Denial of Service vulnerability
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-4112
reference_id
reference_type
scores
0
value 0.07371
scoring_system epss
scoring_elements 0.91681
published_at 2026-04-01T12:55:00Z
1
value 0.07371
scoring_system epss
scoring_elements 0.91724
published_at 2026-04-13T12:55:00Z
2
value 0.07371
scoring_system epss
scoring_elements 0.91728
published_at 2026-04-12T12:55:00Z
3
value 0.07371
scoring_system epss
scoring_elements 0.91726
published_at 2026-04-11T12:55:00Z
4
value 0.07371
scoring_system epss
scoring_elements 0.91723
published_at 2026-04-09T12:55:00Z
5
value 0.07371
scoring_system epss
scoring_elements 0.91716
published_at 2026-04-08T12:55:00Z
6
value 0.07371
scoring_system epss
scoring_elements 0.91695
published_at 2026-04-04T12:55:00Z
7
value 0.07371
scoring_system epss
scoring_elements 0.9169
published_at 2026-04-02T12:55:00Z
8
value 0.07371
scoring_system epss
scoring_elements 0.91703
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-4112
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/28364
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/28364
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
5
reference_url https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded
6
reference_url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
7
reference_url http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
8
reference_url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
9
reference_url http://www.kb.cert.org/vuls/id/699540
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/699540
10
reference_url http://www.novell.com/linux/security/advisories/2006_21_sr.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2006_21_sr.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id 382255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2006-4112
reference_id CVE-2006-4112
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2006-4112
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml
reference_id CVE-2006-4112.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml
14
reference_url https://github.com/advisories/GHSA-9wrq-xvmp-xjc8
reference_id GHSA-9wrq-xvmp-xjc8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wrq-xvmp-xjc8
15
reference_url https://security.gentoo.org/glsa/200608-20
reference_id GLSA-200608-20
reference_type
scores
url https://security.gentoo.org/glsa/200608-20
fixed_packages
0
url pkg:gem/rails@1.1.6
purl pkg:gem/rails@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-9hvm-2hnk-hyev
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-nzeb-cy9e-tkax
17
vulnerability VCID-r1u7-1avr-fqbs
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-wgr4-rzk2-4yet
21
vulnerability VCID-wyqh-g8df-hkay
22
vulnerability VCID-xqzj-cww4-nbcy
23
vulnerability VCID-xxbb-7e3n-9yb3
24
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.1.6
aliases CVE-2006-4112, GHSA-9wrq-xvmp-xjc8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-877d-u9ag-qqdr
5
url VCID-895a-ydc5-zfg6
vulnerability_id VCID-895a-ydc5-zfg6
summary 
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected:  rails < 5.2.4.2, rails < 6.0.3.1
Not affected:       Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds
-----------

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8162
reference_id
reference_type
scores
0
value 0.01549
scoring_system epss
scoring_elements 0.81411
published_at 2026-04-13T12:55:00Z
1
value 0.01549
scoring_system epss
scoring_elements 0.81418
published_at 2026-04-12T12:55:00Z
2
value 0.01549
scoring_system epss
scoring_elements 0.81378
published_at 2026-04-04T12:55:00Z
3
value 0.01549
scoring_system epss
scoring_elements 0.81431
published_at 2026-04-11T12:55:00Z
4
value 0.01549
scoring_system epss
scoring_elements 0.81409
published_at 2026-04-09T12:55:00Z
5
value 0.01549
scoring_system epss
scoring_elements 0.81405
published_at 2026-04-08T12:55:00Z
6
value 0.01549
scoring_system epss
scoring_elements 0.81376
published_at 2026-04-07T12:55:00Z
7
value 0.01549
scoring_system epss
scoring_elements 0.81347
published_at 2026-04-01T12:55:00Z
8
value 0.01549
scoring_system epss
scoring_elements 0.81356
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8162
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://github.com/aws/aws-sdk-ruby
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-ruby
9
reference_url https://github.com/aws/aws-sdk-ruby/issues/2098
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-ruby/issues/2098
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
12
reference_url https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ
13
reference_url https://hackerone.com/reports/789579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/789579
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8162
15
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843005
reference_id 1843005
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843005
17
reference_url https://github.com/advisories/GHSA-m42x-37p3-fv5w
reference_id GHSA-m42x-37p3-fv5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m42x-37p3-fv5w
18
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.2
purl pkg:gem/rails@5.2.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-gjey-bqtd-kqa1
6
vulnerability VCID-hppf-a715-r7b2
7
vulnerability VCID-jwun-grgg-2uet
8
vulnerability VCID-mnkw-23eu-bkgc
9
vulnerability VCID-t684-yp58-hkg8
10
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.2
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x8-jxdf-jqdz
1
vulnerability VCID-1bxs-yghe-cyck
2
vulnerability VCID-1xgz-hwng-n3eq
3
vulnerability VCID-5qu2-b8gt-7qe3
4
vulnerability VCID-63gy-6njy-kbd8
5
vulnerability VCID-65tq-e5eb-eucj
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-wg3a-j2dp-ayh4
10
vulnerability VCID-wyy6-h8bq-vyde
11
vulnerability VCID-zy7d-3db6-sydw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8162, GHSA-m42x-37p3-fv5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-895a-ydc5-zfg6
6
url VCID-8dad-dvat-1fg4
vulnerability_id VCID-8dad-dvat-1fg4
summary 
Path Traversal in Action View
# File Content Disclosure in Action View

Impact 
------ 
There is a possible file content disclosure vulnerability in Action View.  Specially crafted accept headers in combination with calls to `render file:`  can cause arbitrary files on the target server to be rendered, disclosing the  file contents. 

The impact is limited to calls to `render` which render file contents without  a specified accept format.  Impacted code in a controller looks something like this: 

``` ruby
class UserController < ApplicationController 
  def index 
    render file: "#{Rails.root}/some/file" 
  end 
end 
``` 

Rendering templates as opposed to files is not impacted by this vulnerability. 

All users running an affected release should either upgrade or use one of the workarounds immediately. 

Releases 
-------- 
The 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations. 

Workarounds 
----------- 
This vulnerability can be mitigated by specifying a format for file rendering, like this: 

``` ruby
class UserController < ApplicationController 
  def index 
    render file: "#{Rails.root}/some/file", formats: [:html] 
  end 
end 
``` 

In summary, impacted calls to `render` look like this: 

``` 
render file: "#{Rails.root}/some/file" 
``` 

The vulnerability can be mitigated by changing to this: 

``` 
render file: "#{Rails.root}/some/file", formats: [:html] 
``` 

Other calls to `render` are not impacted. 

Alternatively, the following monkey patch can be applied in an initializer: 

``` ruby
$ cat config/initializers/formats_filter.rb 
# frozen_string_literal: true 

ActionDispatch::Request.prepend(Module.new do 
  def formats 
    super().select do |format| 
      format.symbol || format.ref == "*/*" 
    end 
  end 
end) 
``` 

Credits 
------- 
Thanks to John Hawthorn <john@hawthorn.email> of GitHub
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
1
reference_url http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:0796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:0796
3
reference_url https://access.redhat.com/errata/RHSA-2019:1147
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:1147
4
reference_url https://access.redhat.com/errata/RHSA-2019:1149
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:1149
5
reference_url https://access.redhat.com/errata/RHSA-2019:1289
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:1289
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5418
reference_id
reference_type
scores
0
value 0.94318
scoring_system epss
scoring_elements 0.9995
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5418
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg
13
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
17
reference_url https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
18
reference_url https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
19
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
20
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
21
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418
22
reference_url https://www.exploit-db.com/exploits/46585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46585
23
reference_url https://www.exploit-db.com/exploits/46585/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://www.exploit-db.com/exploits/46585/
24
reference_url http://www.openwall.com/lists/oss-security/2019/03/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url http://www.openwall.com/lists/oss-security/2019/03/22/1
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1689159
reference_id 1689159
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1689159
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id 924520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
34
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py
reference_id CVE-2019-5418
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5418
reference_id CVE-2019-5418
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5418
36
reference_url https://github.com/advisories/GHSA-86g5-2wh3-gc9j
reference_id GHSA-86g5-2wh3-gc9j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86g5-2wh3-gc9j
37
reference_url https://usn.ubuntu.com/7646-1/
reference_id USN-7646-1
reference_type
scores
url https://usn.ubuntu.com/7646-1/
fixed_packages
0
url pkg:gem/rails@4.2.11.1
purl pkg:gem/rails@4.2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-895a-ydc5-zfg6
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-g5q6-7uav-sqh1
6
vulnerability VCID-hppf-a715-r7b2
7
vulnerability VCID-mnkw-23eu-bkgc
8
vulnerability VCID-t684-yp58-hkg8
9
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1
1
url pkg:gem/rails@5.0.7.2
purl pkg:gem/rails@5.0.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-895a-ydc5-zfg6
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-hppf-a715-r7b2
6
vulnerability VCID-jwun-grgg-2uet
7
vulnerability VCID-mnkw-23eu-bkgc
8
vulnerability VCID-t684-yp58-hkg8
9
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2
2
url pkg:gem/rails@5.1.6.2
purl pkg:gem/rails@5.1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-895a-ydc5-zfg6
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-hppf-a715-r7b2
6
vulnerability VCID-jwun-grgg-2uet
7
vulnerability VCID-mnkw-23eu-bkgc
8
vulnerability VCID-t684-yp58-hkg8
9
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2
3
url pkg:gem/rails@5.2.2.1
purl pkg:gem/rails@5.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-895a-ydc5-zfg6
4
vulnerability VCID-a6sp-18av-wya6
5
vulnerability VCID-es1t-7196-4kbb
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-mnkw-23eu-bkgc
10
vulnerability VCID-t684-yp58-hkg8
11
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1
aliases CVE-2019-5418, GHSA-86g5-2wh3-gc9j
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8dad-dvat-1fg4
7
url VCID-9hvm-2hnk-hyev
vulnerability_id VCID-9hvm-2hnk-hyev
summary The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
references
0
reference_url http://dev.rubyonrails.org/changeset/8177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://dev.rubyonrails.org/changeset/8177
1
reference_url http://dev.rubyonrails.org/ticket/10048
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://dev.rubyonrails.org/ticket/10048
2
reference_url http://docs.info.apple.com/article.html?artnum=307179
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=307179
3
reference_url http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6077
reference_id
reference_type
scores
0
value 0.03262
scoring_system epss
scoring_elements 0.87118
published_at 2026-04-04T12:55:00Z
1
value 0.03262
scoring_system epss
scoring_elements 0.87142
published_at 2026-04-13T12:55:00Z
2
value 0.03262
scoring_system epss
scoring_elements 0.87139
published_at 2026-04-09T12:55:00Z
3
value 0.03262
scoring_system epss
scoring_elements 0.87132
published_at 2026-04-08T12:55:00Z
4
value 0.03262
scoring_system epss
scoring_elements 0.87111
published_at 2026-04-07T12:55:00Z
5
value 0.03262
scoring_system epss
scoring_elements 0.8709
published_at 2026-04-01T12:55:00Z
6
value 0.03262
scoring_system epss
scoring_elements 0.87101
published_at 2026-04-02T12:55:00Z
7
value 0.03262
scoring_system epss
scoring_elements 0.87147
published_at 2026-04-12T12:55:00Z
8
value 0.03262
scoring_system epss
scoring_elements 0.87152
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6077
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
6
reference_url http://secunia.com/advisories/27781
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27781
7
reference_url http://secunia.com/advisories/28136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28136
8
reference_url https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
9
reference_url http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
10
reference_url http://www.securityfocus.com/bid/26598
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/26598
11
reference_url http://www.us-cert.gov/cas/techalerts/TA07-352A.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.us-cert.gov/cas/techalerts/TA07-352A.html
12
reference_url http://www.vupen.com/english/advisories/2007/4009
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/4009
13
reference_url http://www.vupen.com/english/advisories/2007/4238
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/4238
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748
reference_id 452748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-6077
reference_id CVE-2007-6077
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-6077
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml
reference_id CVE-2007-6077.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml
17
reference_url https://github.com/advisories/GHSA-p4c6-77gc-694x
reference_id GHSA-p4c6-77gc-694x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p4c6-77gc-694x
18
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@1.2.6
purl pkg:gem/rails@1.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-cnqr-6e98-5kgk
10
vulnerability VCID-es1t-7196-4kbb
11
vulnerability VCID-g5q6-7uav-sqh1
12
vulnerability VCID-gsx2-9sc2-3fbr
13
vulnerability VCID-hppf-a715-r7b2
14
vulnerability VCID-mnkw-23eu-bkgc
15
vulnerability VCID-nzeb-cy9e-tkax
16
vulnerability VCID-t684-yp58-hkg8
17
vulnerability VCID-wg3a-j2dp-ayh4
18
vulnerability VCID-wyqh-g8df-hkay
19
vulnerability VCID-xxbb-7e3n-9yb3
20
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.6
aliases CVE-2007-6077, GHSA-p4c6-77gc-694x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hvm-2hnk-hyev
8
url VCID-a6sp-18av-wya6
vulnerability_id VCID-a6sp-18av-wya6
summary 
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack.

Versions Affected:  rails <= 6.0.3
Not affected:       rails < 5.0.0
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------
In some cases user supplied information can be inadvertently leaked from
Strong Parameters.  Specifically the return value of `each`, or `each_value`,
or `each_pair` will return the underlying "untrusted" hash of data that was
read from the parameters.  Applications that use this return value may be
inadvertently use untrusted user input.

Impacted code will look something like this:

```
def update
  # Attacker has included the parameter: `{ is_admin: true }`
  User.update(clean_up_params)
end

def clean_up_params
   params.each { |k, v|  SomeModel.check(v) if k == :name }
end
```

Note the mistaken use of `each` in the `clean_up_params` method in the above
example.

Workarounds
-----------
Do not use the return values of `each`, `each_value`, or `each_pair` in your
application.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
reference_id
reference_type
scores
0
value 0.07389
scoring_system epss
scoring_elements 0.91732
published_at 2026-04-13T12:55:00Z
1
value 0.07389
scoring_system epss
scoring_elements 0.9169
published_at 2026-04-01T12:55:00Z
2
value 0.07389
scoring_system epss
scoring_elements 0.91698
published_at 2026-04-02T12:55:00Z
3
value 0.07389
scoring_system epss
scoring_elements 0.91703
published_at 2026-04-04T12:55:00Z
4
value 0.07389
scoring_system epss
scoring_elements 0.91712
published_at 2026-04-07T12:55:00Z
5
value 0.07389
scoring_system epss
scoring_elements 0.91724
published_at 2026-04-08T12:55:00Z
6
value 0.07389
scoring_system epss
scoring_elements 0.91731
published_at 2026-04-09T12:55:00Z
7
value 0.07389
scoring_system epss
scoring_elements 0.91734
published_at 2026-04-11T12:55:00Z
8
value 0.07389
scoring_system epss
scoring_elements 0.91736
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
14
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
15
reference_url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
16
reference_url https://hackerone.com/reports/292797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/292797
17
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
18
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
20
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
reference_id 1842634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
22
reference_url https://github.com/advisories/GHSA-8727-m6gj-mc37
reference_id GHSA-8727-m6gj-mc37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8727-m6gj-mc37
23
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-gjey-bqtd-kqa1
4
vulnerability VCID-hppf-a715-r7b2
5
vulnerability VCID-jwun-grgg-2uet
6
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x8-jxdf-jqdz
1
vulnerability VCID-1bxs-yghe-cyck
2
vulnerability VCID-1xgz-hwng-n3eq
3
vulnerability VCID-5qu2-b8gt-7qe3
4
vulnerability VCID-63gy-6njy-kbd8
5
vulnerability VCID-65tq-e5eb-eucj
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-wg3a-j2dp-ayh4
10
vulnerability VCID-wyy6-h8bq-vyde
11
vulnerability VCID-zy7d-3db6-sydw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8164, GHSA-8727-m6gj-mc37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6sp-18av-wya6
9
url VCID-c8b5-d83n-nuhw
vulnerability_id VCID-c8b5-d83n-nuhw
summary 
Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View (Rails)  where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:0796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0796
4
reference_url https://access.redhat.com/errata/RHSA-2019:1147
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1147
5
reference_url https://access.redhat.com/errata/RHSA-2019:1149
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1149
6
reference_url https://access.redhat.com/errata/RHSA-2019:1289
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1289
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5419
reference_id
reference_type
scores
0
value 0.12118
scoring_system epss
scoring_elements 0.93803
published_at 2026-04-13T12:55:00Z
1
value 0.12118
scoring_system epss
scoring_elements 0.93764
published_at 2026-04-01T12:55:00Z
2
value 0.12118
scoring_system epss
scoring_elements 0.93773
published_at 2026-04-02T12:55:00Z
3
value 0.12118
scoring_system epss
scoring_elements 0.93783
published_at 2026-04-04T12:55:00Z
4
value 0.12118
scoring_system epss
scoring_elements 0.93787
published_at 2026-04-07T12:55:00Z
5
value 0.12118
scoring_system epss
scoring_elements 0.93795
published_at 2026-04-08T12:55:00Z
6
value 0.12118
scoring_system epss
scoring_elements 0.93798
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5419
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715
13
reference_url https://github.com/rails/rails/pull/35708
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/pull/35708
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml
15
reference_url https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI
16
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
17
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
21
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
22
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
23
reference_url http://www.openwall.com/lists/oss-security/2019/03/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/03/22/1
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1689160
reference_id 1689160
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1689160
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id 924520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5419
reference_id CVE-2019-5419
reference_type
scores
0
value 7.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5419
35
reference_url https://github.com/advisories/GHSA-m63j-wh5w-c252
reference_id GHSA-m63j-wh5w-c252
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m63j-wh5w-c252
fixed_packages
0
url pkg:gem/rails@4.2.11.1
purl pkg:gem/rails@4.2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-895a-ydc5-zfg6
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-g5q6-7uav-sqh1
6
vulnerability VCID-hppf-a715-r7b2
7
vulnerability VCID-mnkw-23eu-bkgc
8
vulnerability VCID-t684-yp58-hkg8
9
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1
1
url pkg:gem/rails@5.0.7.2
purl pkg:gem/rails@5.0.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-895a-ydc5-zfg6
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-hppf-a715-r7b2
6
vulnerability VCID-jwun-grgg-2uet
7
vulnerability VCID-mnkw-23eu-bkgc
8
vulnerability VCID-t684-yp58-hkg8
9
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2
2
url pkg:gem/rails@5.1.6.2
purl pkg:gem/rails@5.1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-895a-ydc5-zfg6
3
vulnerability VCID-a6sp-18av-wya6
4
vulnerability VCID-es1t-7196-4kbb
5
vulnerability VCID-hppf-a715-r7b2
6
vulnerability VCID-jwun-grgg-2uet
7
vulnerability VCID-mnkw-23eu-bkgc
8
vulnerability VCID-t684-yp58-hkg8
9
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2
3
url pkg:gem/rails@5.2.2.1
purl pkg:gem/rails@5.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-895a-ydc5-zfg6
4
vulnerability VCID-a6sp-18av-wya6
5
vulnerability VCID-es1t-7196-4kbb
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-mnkw-23eu-bkgc
10
vulnerability VCID-t684-yp58-hkg8
11
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1
aliases CVE-2019-5419, GHSA-m63j-wh5w-c252
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8b5-d83n-nuhw
10
url VCID-cnqr-6e98-5kgk
vulnerability_id VCID-cnqr-6e98-5kgk
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
reference_id
reference_type
scores
0
value 0.0067
scoring_system epss
scoring_elements 0.7132
published_at 2026-04-13T12:55:00Z
1
value 0.0067
scoring_system epss
scoring_elements 0.71274
published_at 2026-04-07T12:55:00Z
2
value 0.0067
scoring_system epss
scoring_elements 0.71282
published_at 2026-04-02T12:55:00Z
3
value 0.0067
scoring_system epss
scoring_elements 0.713
published_at 2026-04-04T12:55:00Z
4
value 0.0067
scoring_system epss
scoring_elements 0.71316
published_at 2026-04-08T12:55:00Z
5
value 0.0067
scoring_system epss
scoring_elements 0.71329
published_at 2026-04-09T12:55:00Z
6
value 0.0067
scoring_system epss
scoring_elements 0.71352
published_at 2026-04-11T12:55:00Z
7
value 0.0067
scoring_system epss
scoring_elements 0.71337
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
6
reference_url http://secunia.com/advisories/43274
reference_id
reference_type
scores
url http://secunia.com/advisories/43274
7
reference_url http://secunia.com/advisories/43666
reference_id
reference_type
scores
url http://secunia.com/advisories/43666
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
10
reference_url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
11
reference_url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
12
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
13
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
14
reference_url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
15
reference_url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
16
reference_url http://www.debian.org/security/2011/dsa-2247
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2247
17
reference_url http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46291
18
reference_url http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025064
19
reference_url http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0587
20
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id 614864
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
reference_id CVE-2011-0446
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
53
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
54
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
55
reference_url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
reference_id GHSA-75w6-p6mg-vh8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
56
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/rails@2.3.11
purl pkg:gem/rails@2.3.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-t684-yp58-hkg8
14
vulnerability VCID-wg3a-j2dp-ayh4
15
vulnerability VCID-xxbb-7e3n-9yb3
16
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.11
1
url pkg:gem/rails@3.0.4
purl pkg:gem/rails@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-63gy-6njy-kbd8
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-es1t-7196-4kbb
10
vulnerability VCID-g5q6-7uav-sqh1
11
vulnerability VCID-gsx2-9sc2-3fbr
12
vulnerability VCID-hppf-a715-r7b2
13
vulnerability VCID-j24x-nhsb-yug6
14
vulnerability VCID-mep3-6sub-ykdk
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-pmrb-t3bm-zkb6
17
vulnerability VCID-rps2-k24p-9qgq
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-xxbb-7e3n-9yb3
21
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.4
aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnqr-6e98-5kgk
11
url VCID-es1t-7196-4kbb
vulnerability_id VCID-es1t-7196-4kbb
summary 
CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.

Versions Affected:  rails <= 6.0.3
Not affected:       Applications which don't use rails-ujs.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

This is a regression of CVE-2015-1840.

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.

Workarounds
-----------

To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.

For example, code like this:

    link_to params

to code like this:

    link_to filtered_params

    def filtered_params
      # Filter just the parameters that you trust
    end
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
reference_id
reference_type
scores
0
value 0.00592
scoring_system epss
scoring_elements 0.69242
published_at 2026-04-13T12:55:00Z
1
value 0.00592
scoring_system epss
scoring_elements 0.69177
published_at 2026-04-01T12:55:00Z
2
value 0.00592
scoring_system epss
scoring_elements 0.69192
published_at 2026-04-02T12:55:00Z
3
value 0.00592
scoring_system epss
scoring_elements 0.69213
published_at 2026-04-04T12:55:00Z
4
value 0.00592
scoring_system epss
scoring_elements 0.69195
published_at 2026-04-07T12:55:00Z
5
value 0.00592
scoring_system epss
scoring_elements 0.69245
published_at 2026-04-08T12:55:00Z
6
value 0.00592
scoring_system epss
scoring_elements 0.69263
published_at 2026-04-09T12:55:00Z
7
value 0.00592
scoring_system epss
scoring_elements 0.69285
published_at 2026-04-11T12:55:00Z
8
value 0.00592
scoring_system epss
scoring_elements 0.69271
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
11
reference_url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
12
reference_url https://hackerone.com/reports/189878
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/189878
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
14
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
reference_id 1843084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
16
reference_url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
reference_id GHSA-xq5j-gw7f-jgj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
17
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-gjey-bqtd-kqa1
4
vulnerability VCID-hppf-a715-r7b2
5
vulnerability VCID-jwun-grgg-2uet
6
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x8-jxdf-jqdz
1
vulnerability VCID-1bxs-yghe-cyck
2
vulnerability VCID-1xgz-hwng-n3eq
3
vulnerability VCID-5qu2-b8gt-7qe3
4
vulnerability VCID-63gy-6njy-kbd8
5
vulnerability VCID-65tq-e5eb-eucj
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-wg3a-j2dp-ayh4
10
vulnerability VCID-wyy6-h8bq-vyde
11
vulnerability VCID-zy7d-3db6-sydw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8167, GHSA-xq5j-gw7f-jgj8
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb
12
url VCID-g5q6-7uav-sqh1
vulnerability_id VCID-g5q6-7uav-sqh1
summary 
Remote code execution via user-provided local names in ActionView
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
references
0
reference_url http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8163
reference_id
reference_type
scores
0
value 0.90927
scoring_system epss
scoring_elements 0.99632
published_at 2026-04-07T12:55:00Z
1
value 0.90927
scoring_system epss
scoring_elements 0.99631
published_at 2026-04-04T12:55:00Z
2
value 0.90927
scoring_system epss
scoring_elements 0.99633
published_at 2026-04-13T12:55:00Z
3
value 0.90927
scoring_system epss
scoring_elements 0.9963
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8163
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml
6
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
7
reference_url https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
8
reference_url https://hackerone.com/reports/304805
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/304805
9
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8163
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8163
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848724
reference_id 1848724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848724
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb
reference_id CVE-2020-8163
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb
13
reference_url https://github.com/advisories/GHSA-cr3x-7m39-c6jq
reference_id GHSA-cr3x-7m39-c6jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr3x-7m39-c6jq
fixed_packages
0
url pkg:gem/rails@5.0.1
purl pkg:gem/rails@5.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-5qu2-b8gt-7qe3
3
vulnerability VCID-63gy-6njy-kbd8
4
vulnerability VCID-6yr6-a21g-dyf5
5
vulnerability VCID-877d-u9ag-qqdr
6
vulnerability VCID-895a-ydc5-zfg6
7
vulnerability VCID-8dad-dvat-1fg4
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-es1t-7196-4kbb
11
vulnerability VCID-gsx2-9sc2-3fbr
12
vulnerability VCID-hppf-a715-r7b2
13
vulnerability VCID-jwun-grgg-2uet
14
vulnerability VCID-mnkw-23eu-bkgc
15
vulnerability VCID-t684-yp58-hkg8
16
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.1
aliases CVE-2020-8163, GHSA-cr3x-7m39-c6jq
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5q6-7uav-sqh1
13
url VCID-gsx2-9sc2-3fbr
vulnerability_id VCID-gsx2-9sc2-3fbr
summary 
Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
references
0
reference_url http://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails
1
reference_url http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
2
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
3
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-4214
reference_id
reference_type
scores
0
value 0.01632
scoring_system epss
scoring_elements 0.81902
published_at 2026-04-13T12:55:00Z
1
value 0.01632
scoring_system epss
scoring_elements 0.81837
published_at 2026-04-01T12:55:00Z
2
value 0.01632
scoring_system epss
scoring_elements 0.81848
published_at 2026-04-02T12:55:00Z
3
value 0.01632
scoring_system epss
scoring_elements 0.8187
published_at 2026-04-04T12:55:00Z
4
value 0.01632
scoring_system epss
scoring_elements 0.81866
published_at 2026-04-07T12:55:00Z
5
value 0.01632
scoring_system epss
scoring_elements 0.81893
published_at 2026-04-08T12:55:00Z
6
value 0.01632
scoring_system epss
scoring_elements 0.81899
published_at 2026-04-09T12:55:00Z
7
value 0.01632
scoring_system epss
scoring_elements 0.81919
published_at 2026-04-11T12:55:00Z
8
value 0.01632
scoring_system epss
scoring_elements 0.81907
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-4214
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
8
reference_url http://secunia.com/advisories/37446
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/37446
9
reference_url http://secunia.com/advisories/38915
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/38915
10
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
11
reference_url http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
12
reference_url http://www.debian.org/security/2011/dsa-2260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2260
13
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
14
reference_url http://www.openwall.com/lists/oss-security/2009/11/27/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/11/27/2
15
reference_url http://www.openwall.com/lists/oss-security/2009/12/08/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/12/08/3
16
reference_url http://www.securityfocus.com/bid/37142
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/37142
17
reference_url http://www.securitytracker.com/id?1023245
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id?1023245
18
reference_url http://www.vupen.com/english/advisories/2009/3352
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/3352
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=542786
reference_id 542786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=542786
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id 558685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-4214
reference_id CVE-2009-4214
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-4214
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml
reference_id CVE-2009-4214.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml
23
reference_url https://github.com/advisories/GHSA-9p3v-wf2w-v29c
reference_id GHSA-9p3v-wf2w-v29c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9p3v-wf2w-v29c
24
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@2.2.2
purl pkg:gem/rails@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-3zdr-vasc-a7cn
4
vulnerability VCID-49pq-vg95-jkh2
5
vulnerability VCID-4zhj-en7h-3yaz
6
vulnerability VCID-7f5r-9h1g-nuch
7
vulnerability VCID-877d-u9ag-qqdr
8
vulnerability VCID-895a-ydc5-zfg6
9
vulnerability VCID-8dad-dvat-1fg4
10
vulnerability VCID-a6sp-18av-wya6
11
vulnerability VCID-c8b5-d83n-nuhw
12
vulnerability VCID-cnqr-6e98-5kgk
13
vulnerability VCID-es1t-7196-4kbb
14
vulnerability VCID-g5q6-7uav-sqh1
15
vulnerability VCID-gsx2-9sc2-3fbr
16
vulnerability VCID-hppf-a715-r7b2
17
vulnerability VCID-j24x-nhsb-yug6
18
vulnerability VCID-mnkw-23eu-bkgc
19
vulnerability VCID-t684-yp58-hkg8
20
vulnerability VCID-wg3a-j2dp-ayh4
21
vulnerability VCID-xxbb-7e3n-9yb3
22
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.2.2
1
url pkg:gem/rails@2.3.5
purl pkg:gem/rails@2.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-49pq-vg95-jkh2
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-cnqr-6e98-5kgk
10
vulnerability VCID-es1t-7196-4kbb
11
vulnerability VCID-g5q6-7uav-sqh1
12
vulnerability VCID-gsx2-9sc2-3fbr
13
vulnerability VCID-hppf-a715-r7b2
14
vulnerability VCID-j24x-nhsb-yug6
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-t684-yp58-hkg8
17
vulnerability VCID-wg3a-j2dp-ayh4
18
vulnerability VCID-xxbb-7e3n-9yb3
19
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.5
aliases CVE-2009-4214, GHSA-9p3v-wf2w-v29c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsx2-9sc2-3fbr
14
url VCID-hppf-a715-r7b2
vulnerability_id VCID-hppf-a715-r7b2
summary 
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
reference_id
reference_type
scores
0
value 0.01523
scoring_system epss
scoring_elements 0.81266
published_at 2026-04-13T12:55:00Z
1
value 0.01523
scoring_system epss
scoring_elements 0.8121
published_at 2026-04-02T12:55:00Z
2
value 0.01523
scoring_system epss
scoring_elements 0.81234
published_at 2026-04-07T12:55:00Z
3
value 0.01523
scoring_system epss
scoring_elements 0.81262
published_at 2026-04-08T12:55:00Z
4
value 0.01523
scoring_system epss
scoring_elements 0.81267
published_at 2026-04-09T12:55:00Z
5
value 0.01523
scoring_system epss
scoring_elements 0.81288
published_at 2026-04-11T12:55:00Z
6
value 0.01523
scoring_system epss
scoring_elements 0.81274
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
16
reference_url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
17
reference_url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
18
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
19
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
21
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id 2164799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
reference_id CVE-2023-22795
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
25
reference_url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
reference_id GHSA-8xww-x3g3-6jcv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/rails@6.1.7.1
purl pkg:gem/rails@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65tq-e5eb-eucj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.1
1
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bh7-drnb-7ygg
1
vulnerability VCID-65tq-e5eb-eucj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2
15
url VCID-mnkw-23eu-bkgc
vulnerability_id VCID-mnkw-23eu-bkgc
summary 
Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Impact
------

Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.

Workarounds
-----------

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.63311
published_at 2026-04-13T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63348
published_at 2026-04-12T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63364
published_at 2026-04-11T12:55:00Z
3
value 0.00443
scoring_system epss
scoring_elements 0.63347
published_at 2026-04-09T12:55:00Z
4
value 0.00443
scoring_system epss
scoring_elements 0.63329
published_at 2026-04-08T12:55:00Z
5
value 0.00443
scoring_system epss
scoring_elements 0.63278
published_at 2026-04-07T12:55:00Z
6
value 0.00443
scoring_system epss
scoring_elements 0.63312
published_at 2026-04-04T12:55:00Z
7
value 0.00443
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-02T12:55:00Z
8
value 0.00443
scoring_system epss
scoring_elements 0.63225
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
12
reference_url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
reference_id
reference_type
scores
url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
13
reference_url https://hackerone.com/reports/732415
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/732415
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
15
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4766
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
reference_id 1843152
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
17
reference_url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
reference_id GHSA-jp5v-5gx4-jmj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
18
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-gjey-bqtd-kqa1
4
vulnerability VCID-hppf-a715-r7b2
5
vulnerability VCID-jwun-grgg-2uet
6
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x8-jxdf-jqdz
1
vulnerability VCID-1bxs-yghe-cyck
2
vulnerability VCID-1xgz-hwng-n3eq
3
vulnerability VCID-5qu2-b8gt-7qe3
4
vulnerability VCID-63gy-6njy-kbd8
5
vulnerability VCID-65tq-e5eb-eucj
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-wg3a-j2dp-ayh4
10
vulnerability VCID-wyy6-h8bq-vyde
11
vulnerability VCID-zy7d-3db6-sydw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8166, GHSA-jp5v-5gx4-jmj9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkw-23eu-bkgc
16
url VCID-nzeb-cy9e-tkax
vulnerability_id VCID-nzeb-cy9e-tkax
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
references
0
reference_url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
1
reference_url http://gist.github.com/8946
reference_id
reference_type
scores
url http://gist.github.com/8946
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
3
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/288
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/288
4
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/964
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/964
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
reference_id
reference_type
scores
0
value 0.03119
scoring_system epss
scoring_elements 0.86839
published_at 2026-04-13T12:55:00Z
1
value 0.03119
scoring_system epss
scoring_elements 0.86782
published_at 2026-04-01T12:55:00Z
2
value 0.03119
scoring_system epss
scoring_elements 0.86793
published_at 2026-04-02T12:55:00Z
3
value 0.03119
scoring_system epss
scoring_elements 0.86812
published_at 2026-04-04T12:55:00Z
4
value 0.03119
scoring_system epss
scoring_elements 0.86806
published_at 2026-04-07T12:55:00Z
5
value 0.03119
scoring_system epss
scoring_elements 0.86826
published_at 2026-04-08T12:55:00Z
6
value 0.03119
scoring_system epss
scoring_elements 0.86834
published_at 2026-04-09T12:55:00Z
7
value 0.03119
scoring_system epss
scoring_elements 0.86847
published_at 2026-04-11T12:55:00Z
8
value 0.03119
scoring_system epss
scoring_elements 0.86844
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
7
reference_url http://secunia.com/advisories/31875
reference_id
reference_type
scores
url http://secunia.com/advisories/31875
8
reference_url http://secunia.com/advisories/31909
reference_id
reference_type
scores
url http://secunia.com/advisories/31909
9
reference_url http://secunia.com/advisories/31910
reference_id
reference_type
scores
url http://secunia.com/advisories/31910
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
13
reference_url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
14
reference_url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
15
reference_url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
16
reference_url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
17
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
18
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
19
reference_url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
20
reference_url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
21
reference_url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
22
reference_url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
23
reference_url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
24
reference_url http://www.openwall.com/lists/oss-security/2008/09/13/2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/13/2
25
reference_url http://www.openwall.com/lists/oss-security/2008/09/16/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/16/1
26
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
27
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
28
reference_url http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/31176
29
reference_url http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1020871
30
reference_url http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/2562
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id 500791
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
76
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
77
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
78
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
79
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
80
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
81
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
82
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
83
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
reference_id CVE-2008-4094
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
84
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
reference_id CVE-2008-4094.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
85
reference_url https://github.com/advisories/GHSA-xf96-32q2-9rw2
reference_id GHSA-xf96-32q2-9rw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf96-32q2-9rw2
86
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@2.1.1
purl pkg:gem/rails@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-3zdr-vasc-a7cn
4
vulnerability VCID-49pq-vg95-jkh2
5
vulnerability VCID-4zhj-en7h-3yaz
6
vulnerability VCID-7f5r-9h1g-nuch
7
vulnerability VCID-877d-u9ag-qqdr
8
vulnerability VCID-895a-ydc5-zfg6
9
vulnerability VCID-8dad-dvat-1fg4
10
vulnerability VCID-a6sp-18av-wya6
11
vulnerability VCID-c8b5-d83n-nuhw
12
vulnerability VCID-cnqr-6e98-5kgk
13
vulnerability VCID-es1t-7196-4kbb
14
vulnerability VCID-g5q6-7uav-sqh1
15
vulnerability VCID-gsx2-9sc2-3fbr
16
vulnerability VCID-hppf-a715-r7b2
17
vulnerability VCID-j24x-nhsb-yug6
18
vulnerability VCID-mnkw-23eu-bkgc
19
vulnerability VCID-t684-yp58-hkg8
20
vulnerability VCID-vgm2-8wjy-x7ed
21
vulnerability VCID-wg3a-j2dp-ayh4
22
vulnerability VCID-xxbb-7e3n-9yb3
23
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.1.1
aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzeb-cy9e-tkax
17
url VCID-r1u7-1avr-fqbs
vulnerability_id VCID-r1u7-1avr-fqbs
summary 
Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=195315
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.gentoo.org/show_bug.cgi?id=195315
1
reference_url http://docs.info.apple.com/article.html?artnum=307179
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=307179
2
reference_url http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5379
reference_id
reference_type
scores
0
value 0.10596
scoring_system epss
scoring_elements 0.93255
published_at 2026-04-01T12:55:00Z
1
value 0.10596
scoring_system epss
scoring_elements 0.93269
published_at 2026-04-04T12:55:00Z
2
value 0.10596
scoring_system epss
scoring_elements 0.93263
published_at 2026-04-02T12:55:00Z
3
value 0.10596
scoring_system epss
scoring_elements 0.93284
published_at 2026-04-13T12:55:00Z
4
value 0.10596
scoring_system epss
scoring_elements 0.93283
published_at 2026-04-12T12:55:00Z
5
value 0.10596
scoring_system epss
scoring_elements 0.93285
published_at 2026-04-11T12:55:00Z
6
value 0.10596
scoring_system epss
scoring_elements 0.93281
published_at 2026-04-09T12:55:00Z
7
value 0.10596
scoring_system epss
scoring_elements 0.93276
published_at 2026-04-08T12:55:00Z
8
value 0.10596
scoring_system epss
scoring_elements 0.93268
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5379
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379
5
reference_url http://security.gentoo.org/glsa/glsa-200711-17.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200711-17.xml
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
8
reference_url https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
9
reference_url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
10
reference_url http://www.us-cert.gov/cas/techalerts/TA07-352A.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.us-cert.gov/cas/techalerts/TA07-352A.html
11
reference_url http://www.vupen.com/english/advisories/2007/3508
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/3508
12
reference_url http://www.vupen.com/english/advisories/2007/4238
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/4238
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5379
reference_id CVE-2007-5379
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5379
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
reference_id CVE-2007-5379.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
15
reference_url https://github.com/advisories/GHSA-fjfg-q662-gm6j
reference_id GHSA-fjfg-q662-gm6j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjfg-q662-gm6j
16
reference_url https://security.gentoo.org/glsa/200711-17
reference_id GLSA-200711-17
reference_type
scores
url https://security.gentoo.org/glsa/200711-17
fixed_packages
0
url pkg:gem/rails@1.2.4
purl pkg:gem/rails@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-9hvm-2hnk-hyev
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-nzeb-cy9e-tkax
17
vulnerability VCID-r1u7-1avr-fqbs
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-wyqh-g8df-hkay
21
vulnerability VCID-xqzj-cww4-nbcy
22
vulnerability VCID-xxbb-7e3n-9yb3
23
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4
1
url pkg:gem/rails@1.2.5
purl pkg:gem/rails@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-9hvm-2hnk-hyev
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-nzeb-cy9e-tkax
17
vulnerability VCID-t684-yp58-hkg8
18
vulnerability VCID-wg3a-j2dp-ayh4
19
vulnerability VCID-wyqh-g8df-hkay
20
vulnerability VCID-xxbb-7e3n-9yb3
21
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5
aliases CVE-2007-5379, GHSA-fjfg-q662-gm6j, OSV-40717
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1u7-1avr-fqbs
18
url VCID-t684-yp58-hkg8
vulnerability_id VCID-t684-yp58-hkg8
summary 
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when
untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result
from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:

```
data = cache.fetch("demo", raw: true) { untrusted_string }
```
Versions Affected:  rails < 5.2.5, rails < 6.0.4
Not affected:       Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1
  
Impact
------
Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,
this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.
In addition to upgrading to the latest versions of Rails, developers should ensure that whenever
they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both
reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,
detect if data was serialized using the raw option upon deserialization.

Workarounds
-----------
It is recommended that application developers apply the suggested patch or upgrade to the latest release as
soon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using
the `raw` argument should be double-checked to ensure that they conform to the expected format.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8165
reference_id
reference_type
scores
0
value 0.90128
scoring_system epss
scoring_elements 0.99586
published_at 2026-04-04T12:55:00Z
1
value 0.90128
scoring_system epss
scoring_elements 0.99588
published_at 2026-04-13T12:55:00Z
2
value 0.90128
scoring_system epss
scoring_elements 0.99584
published_at 2026-04-01T12:55:00Z
3
value 0.90128
scoring_system epss
scoring_elements 0.99585
published_at 2026-04-02T12:55:00Z
4
value 0.90128
scoring_system epss
scoring_elements 0.99587
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8165
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
13
reference_url https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
14
reference_url https://hackerone.com/reports/413388
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/413388
15
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
16
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8165
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8165
18
reference_url https://security.netapp.com/advisory/ntap-20250509-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250509-0002
19
reference_url https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
20
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843072
reference_id 1843072
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843072
22
reference_url https://github.com/advisories/GHSA-2p68-f74v-9wc6
reference_id GHSA-2p68-f74v-9wc6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p68-f74v-9wc6
23
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qu2-b8gt-7qe3
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-gjey-bqtd-kqa1
4
vulnerability VCID-hppf-a715-r7b2
5
vulnerability VCID-jwun-grgg-2uet
6
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x8-jxdf-jqdz
1
vulnerability VCID-1bxs-yghe-cyck
2
vulnerability VCID-1xgz-hwng-n3eq
3
vulnerability VCID-5qu2-b8gt-7qe3
4
vulnerability VCID-63gy-6njy-kbd8
5
vulnerability VCID-65tq-e5eb-eucj
6
vulnerability VCID-gjey-bqtd-kqa1
7
vulnerability VCID-hppf-a715-r7b2
8
vulnerability VCID-jwun-grgg-2uet
9
vulnerability VCID-wg3a-j2dp-ayh4
10
vulnerability VCID-wyy6-h8bq-vyde
11
vulnerability VCID-zy7d-3db6-sydw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8165, GHSA-2p68-f74v-9wc6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t684-yp58-hkg8
19
url VCID-wg3a-j2dp-ayh4
vulnerability_id VCID-wg3a-j2dp-ayh4
summary 
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller.

Versions Affected:  >= 4.0.0
Not affected:       < 4.0.0
Fixed Versions:     6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6

Impact
------
Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.  Impacted code will look something like this:

```
class PostsController < ApplicationController
  before_action :authenticate

  private

  def authenticate
    authenticate_or_request_with_http_token do |token, options|
      # ...
    end
  end
end
```

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
The following monkey patch placed in an initializer can be used to work around the issue:

```ruby
module ActionController::HttpAuthentication::Token
  AUTHN_PAIR_DELIMITERS = /(?:,|;|\t)/
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 5-2-http-authentication-dos.patch - Patch for 5.2 series
* 6-0-http-authentication-dos.patch - Patch for 6.0 series
* 6-1-http-authentication-dos.patch - Patch for 6.1 series

Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------
Thank you to https://hackerone.com/wonda_tea_coffee for reporting this issue!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
reference_id
reference_type
scores
0
value 0.07856
scoring_system epss
scoring_elements 0.92007
published_at 2026-04-12T12:55:00Z
1
value 0.07856
scoring_system epss
scoring_elements 0.92004
published_at 2026-04-13T12:55:00Z
2
value 0.07856
scoring_system epss
scoring_elements 0.92
published_at 2026-04-08T12:55:00Z
3
value 0.07856
scoring_system epss
scoring_elements 0.91987
published_at 2026-04-07T12:55:00Z
4
value 0.07856
scoring_system epss
scoring_elements 0.91981
published_at 2026-04-04T12:55:00Z
5
value 0.07856
scoring_system epss
scoring_elements 0.91974
published_at 2026-04-02T12:55:00Z
6
value 0.07856
scoring_system epss
scoring_elements 0.91966
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/releases/tag/v5.2.4.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.4.6
9
reference_url https://github.com/rails/rails/releases/tag/v5.2.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.6
10
reference_url https://github.com/rails/rails/releases/tag/v6.0.3.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.0.3.7
11
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
13
reference_url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
14
reference_url https://hackerone.com/reports/1101125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1101125
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
17
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
reference_id 1961379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
20
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
21
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
22
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
23
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
24
reference_url https://github.com/advisories/GHSA-7wjx-3g7j-8584
reference_id GHSA-7wjx-3g7j-8584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7wjx-3g7j-8584
25
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/rails@5.2.4.6
purl pkg:gem/rails@5.2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63gy-6njy-kbd8
1
vulnerability VCID-65tq-e5eb-eucj
2
vulnerability VCID-hppf-a715-r7b2
3
vulnerability VCID-jwun-grgg-2uet
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.6
1
url pkg:gem/rails@5.2.6
purl pkg:gem/rails@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63gy-6njy-kbd8
1
vulnerability VCID-65tq-e5eb-eucj
2
vulnerability VCID-hppf-a715-r7b2
3
vulnerability VCID-jwun-grgg-2uet
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.6
2
url pkg:gem/rails@6.0.3.7
purl pkg:gem/rails@6.0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxs-yghe-cyck
1
vulnerability VCID-63gy-6njy-kbd8
2
vulnerability VCID-65tq-e5eb-eucj
3
vulnerability VCID-hppf-a715-r7b2
4
vulnerability VCID-jwun-grgg-2uet
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.7
3
url pkg:gem/rails@6.1.3.2
purl pkg:gem/rails@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxs-yghe-cyck
1
vulnerability VCID-1x8k-t8mr-3fgp
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-65tq-e5eb-eucj
4
vulnerability VCID-hppf-a715-r7b2
5
vulnerability VCID-jwun-grgg-2uet
6
vulnerability VCID-msda-xqbp-qfdd
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.3.2
aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg3a-j2dp-ayh4
20
url VCID-wgr4-rzk2-4yet
vulnerability_id VCID-wgr4-rzk2-4yet
summary Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=195315
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.gentoo.org/show_bug.cgi?id=195315
1
reference_url http://docs.info.apple.com/article.html?artnum=307179
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=307179
2
reference_url http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5380
reference_id
reference_type
scores
0
value 0.05845
scoring_system epss
scoring_elements 0.90504
published_at 2026-04-01T12:55:00Z
1
value 0.05845
scoring_system epss
scoring_elements 0.90545
published_at 2026-04-13T12:55:00Z
2
value 0.05845
scoring_system epss
scoring_elements 0.90552
published_at 2026-04-11T12:55:00Z
3
value 0.05845
scoring_system epss
scoring_elements 0.90543
published_at 2026-04-09T12:55:00Z
4
value 0.05845
scoring_system epss
scoring_elements 0.90537
published_at 2026-04-08T12:55:00Z
5
value 0.05845
scoring_system epss
scoring_elements 0.90524
published_at 2026-04-07T12:55:00Z
6
value 0.05845
scoring_system epss
scoring_elements 0.90518
published_at 2026-04-04T12:55:00Z
7
value 0.05845
scoring_system epss
scoring_elements 0.90508
published_at 2026-04-02T12:55:00Z
8
value 0.05845
scoring_system epss
scoring_elements 0.90551
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5380
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
5
reference_url http://secunia.com/advisories/27657
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27657
6
reference_url http://secunia.com/advisories/27965
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27965
7
reference_url http://secunia.com/advisories/28136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/28136
8
reference_url http://security.gentoo.org/glsa/glsa-200711-17.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200711-17.xml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
11
reference_url http://www.novell.com/linux/security/advisories/2007_25_sr.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2007_25_sr.html
12
reference_url http://www.securityfocus.com/bid/26096
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/26096
13
reference_url http://www.us-cert.gov/cas/techalerts/TA07-352A.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.us-cert.gov/cas/techalerts/TA07-352A.html
14
reference_url http://www.vupen.com/english/advisories/2007/3508
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/3508
15
reference_url http://www.vupen.com/english/advisories/2007/4238
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/4238
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5380
reference_id CVE-2007-5380
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5380
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
reference_id CVE-2007-5380.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
18
reference_url https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
reference_id GHSA-jwhv-rgqc-fqj5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
19
reference_url https://security.gentoo.org/glsa/200711-17
reference_id GLSA-200711-17
reference_type
scores
url https://security.gentoo.org/glsa/200711-17
20
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@1.2.4
purl pkg:gem/rails@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-9hvm-2hnk-hyev
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-nzeb-cy9e-tkax
17
vulnerability VCID-r1u7-1avr-fqbs
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-wyqh-g8df-hkay
21
vulnerability VCID-xqzj-cww4-nbcy
22
vulnerability VCID-xxbb-7e3n-9yb3
23
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4
aliases CVE-2007-5380, GHSA-jwhv-rgqc-fqj5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgr4-rzk2-4yet
21
url VCID-wyqh-g8df-hkay
vulnerability_id VCID-wyqh-g8df-hkay
summary 
rails is vulnerable to CRLF injection
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
references
0
reference_url http://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails
1
reference_url http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5189
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.38195
published_at 2026-04-09T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38137
published_at 2026-04-07T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38187
published_at 2026-04-08T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38154
published_at 2026-04-13T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.38178
published_at 2026-04-12T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.38065
published_at 2026-04-01T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38214
published_at 2026-04-11T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38245
published_at 2026-04-02T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38268
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5189
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189
6
reference_url http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
7
reference_url http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
8
reference_url http://www.securityfocus.com/bid/32359
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/32359
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=472510
reference_id 472510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=472510
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-5189
reference_id CVE-2008-5189
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-5189
60
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
reference_id CVE-2008-5189.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
61
reference_url https://github.com/advisories/GHSA-jmgf-p46x-982h
reference_id GHSA-jmgf-p46x-982h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmgf-p46x-982h
fixed_packages
0
url pkg:gem/rails@2.0.5
purl pkg:gem/rails@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-3zdr-vasc-a7cn
4
vulnerability VCID-4zhj-en7h-3yaz
5
vulnerability VCID-877d-u9ag-qqdr
6
vulnerability VCID-895a-ydc5-zfg6
7
vulnerability VCID-8dad-dvat-1fg4
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-j24x-nhsb-yug6
16
vulnerability VCID-mnkw-23eu-bkgc
17
vulnerability VCID-nzeb-cy9e-tkax
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-xxbb-7e3n-9yb3
21
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.0.5
aliases CVE-2008-5189, GHSA-jmgf-p46x-982h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyqh-g8df-hkay
22
url VCID-xqzj-cww4-nbcy
vulnerability_id VCID-xqzj-cww4-nbcy
summary 
Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=195315
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.gentoo.org/show_bug.cgi?id=195315
1
reference_url http://dev.rubyonrails.org/ticket/8371
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://dev.rubyonrails.org/ticket/8371
2
reference_url http://osvdb.org/36378
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://osvdb.org/36378
3
reference_url http://pastie.caboo.se/65550.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pastie.caboo.se/65550.txt
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3227
reference_id
reference_type
scores
0
value 0.13632
scoring_system epss
scoring_elements 0.94242
published_at 2026-04-09T12:55:00Z
1
value 0.13632
scoring_system epss
scoring_elements 0.94247
published_at 2026-04-13T12:55:00Z
2
value 0.13632
scoring_system epss
scoring_elements 0.94215
published_at 2026-04-02T12:55:00Z
3
value 0.13632
scoring_system epss
scoring_elements 0.94246
published_at 2026-04-12T12:55:00Z
4
value 0.13632
scoring_system epss
scoring_elements 0.94238
published_at 2026-04-08T12:55:00Z
5
value 0.13632
scoring_system epss
scoring_elements 0.94205
published_at 2026-04-01T12:55:00Z
6
value 0.13632
scoring_system epss
scoring_elements 0.94227
published_at 2026-04-04T12:55:00Z
7
value 0.13632
scoring_system epss
scoring_elements 0.94229
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3227
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227
6
reference_url http://secunia.com/advisories/25699
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/25699
7
reference_url http://secunia.com/advisories/27657
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27657
8
reference_url http://secunia.com/advisories/27756
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27756
9
reference_url http://security.gentoo.org/glsa/glsa-200711-17.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200711-17.xml
10
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
11
reference_url http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
12
reference_url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
13
reference_url http://www.novell.com/linux/security/advisories/2007_24_sr.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2007_24_sr.html
14
reference_url http://www.securityfocus.com/bid/24161
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/24161
15
reference_url http://www.vupen.com/english/advisories/2007/2216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/2216
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177
reference_id 429177
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3227
reference_id CVE-2007-3227
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-3227
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt
reference_id CVE-2007-3227;OSVDB-36378
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt
20
reference_url https://www.securityfocus.com/bid/24161/info
reference_id CVE-2007-3227;OSVDB-36378
reference_type exploit
scores
url https://www.securityfocus.com/bid/24161/info
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml
reference_id CVE-2007-3227.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml
22
reference_url https://github.com/advisories/GHSA-gm25-fpmr-43fj
reference_id GHSA-gm25-fpmr-43fj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gm25-fpmr-43fj
23
reference_url https://security.gentoo.org/glsa/200711-17
reference_id GLSA-200711-17
reference_type
scores
url https://security.gentoo.org/glsa/200711-17
fixed_packages
0
url pkg:gem/rails@1.2.5
purl pkg:gem/rails@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-4zhj-en7h-3yaz
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-9hvm-2hnk-hyev
8
vulnerability VCID-a6sp-18av-wya6
9
vulnerability VCID-c8b5-d83n-nuhw
10
vulnerability VCID-cnqr-6e98-5kgk
11
vulnerability VCID-es1t-7196-4kbb
12
vulnerability VCID-g5q6-7uav-sqh1
13
vulnerability VCID-gsx2-9sc2-3fbr
14
vulnerability VCID-hppf-a715-r7b2
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-nzeb-cy9e-tkax
17
vulnerability VCID-t684-yp58-hkg8
18
vulnerability VCID-wg3a-j2dp-ayh4
19
vulnerability VCID-wyqh-g8df-hkay
20
vulnerability VCID-xxbb-7e3n-9yb3
21
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5
aliases CVE-2007-3227, GHSA-gm25-fpmr-43fj, OSV-36378
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqzj-cww4-nbcy
23
url VCID-xxbb-7e3n-9yb3
vulnerability_id VCID-xxbb-7e3n-9yb3
summary 
Cross site scripting in actionpack Rubygem
A cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55722
published_at 2026-04-13T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.5574
published_at 2026-04-12T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.55759
published_at 2026-04-11T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.5575
published_at 2026-04-09T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55696
published_at 2026-04-07T12:55:00Z
5
value 0.00328
scoring_system epss
scoring_elements 0.55584
published_at 2026-04-01T12:55:00Z
6
value 0.00328
scoring_system epss
scoring_elements 0.55747
published_at 2026-04-08T12:55:00Z
7
value 0.00328
scoring_system epss
scoring_elements 0.55718
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
2
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
3
reference_url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
4
reference_url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
5
reference_url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
6
reference_url https://www.openwall.com/lists/oss-security/2011/04/06/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2011/04/06/13
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
reference_id 2015262
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
reference_id CVE-2011-1497
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
reference_id CVE-2011-1497.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
10
reference_url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
reference_id GHSA-q58j-fmvf-9rq6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
fixed_packages
0
url pkg:gem/rails@3.0.6
purl pkg:gem/rails@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-35rt-t6e1-pfa6
2
vulnerability VCID-3wtf-uu89-2qe5
3
vulnerability VCID-63gy-6njy-kbd8
4
vulnerability VCID-877d-u9ag-qqdr
5
vulnerability VCID-895a-ydc5-zfg6
6
vulnerability VCID-8dad-dvat-1fg4
7
vulnerability VCID-a6sp-18av-wya6
8
vulnerability VCID-c8b5-d83n-nuhw
9
vulnerability VCID-es1t-7196-4kbb
10
vulnerability VCID-g5q6-7uav-sqh1
11
vulnerability VCID-gsx2-9sc2-3fbr
12
vulnerability VCID-hppf-a715-r7b2
13
vulnerability VCID-j24x-nhsb-yug6
14
vulnerability VCID-mep3-6sub-ykdk
15
vulnerability VCID-mnkw-23eu-bkgc
16
vulnerability VCID-pmrb-t3bm-zkb6
17
vulnerability VCID-rps2-k24p-9qgq
18
vulnerability VCID-t684-yp58-hkg8
19
vulnerability VCID-wg3a-j2dp-ayh4
20
vulnerability VCID-z1jv-4ga2-7kd1
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.6
aliases CVE-2011-1497, GHSA-q58j-fmvf-9rq6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxbb-7e3n-9yb3
24
url VCID-z1jv-4ga2-7kd1
vulnerability_id VCID-z1jv-4ga2-7kd1
summary 
Possible Information Leak Vulnerability
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2097
reference_id
reference_type
scores
0
value 0.01912
scoring_system epss
scoring_elements 0.83257
published_at 2026-04-07T12:55:00Z
1
value 0.01912
scoring_system epss
scoring_elements 0.83242
published_at 2026-04-02T12:55:00Z
2
value 0.01912
scoring_system epss
scoring_elements 0.83226
published_at 2026-04-01T12:55:00Z
3
value 0.01912
scoring_system epss
scoring_elements 0.83299
published_at 2026-04-12T12:55:00Z
4
value 0.01912
scoring_system epss
scoring_elements 0.83305
published_at 2026-04-11T12:55:00Z
5
value 0.01912
scoring_system epss
scoring_elements 0.8329
published_at 2026-04-09T12:55:00Z
6
value 0.01912
scoring_system epss
scoring_elements 0.83281
published_at 2026-04-08T12:55:00Z
7
value 0.01912
scoring_system epss
scoring_elements 0.83295
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2097
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml
12
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
reference_id
reference_type
scores
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
13
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
14
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
15
reference_url https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122
16
reference_url https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726
17
reference_url https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
18
reference_url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released
19
reference_url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
20
reference_url http://www.debian.org/security/2016/dsa-3509
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3509
21
reference_url http://www.securityfocus.com/bid/83726
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83726
22
reference_url http://www.securitytracker.com/id/1035122
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035122
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1310043
reference_id 1310043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1310043
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
reference_id CVE-2016-2097
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
76
reference_url https://github.com/advisories/GHSA-vx9j-46rh-fqr8
reference_id GHSA-vx9j-46rh-fqr8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vx9j-46rh-fqr8
77
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
78
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
79
reference_url https://access.redhat.com/errata/RHSA-2016:0456
reference_id RHSA-2016:0456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0456
fixed_packages
0
url pkg:gem/rails@3.2.22.2
purl pkg:gem/rails@3.2.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-t684-yp58-hkg8
14
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.22.2
1
url pkg:gem/rails@4.1.14.2
purl pkg:gem/rails@4.1.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mcx-b9k2-83bh
1
vulnerability VCID-3wtf-uu89-2qe5
2
vulnerability VCID-63gy-6njy-kbd8
3
vulnerability VCID-877d-u9ag-qqdr
4
vulnerability VCID-895a-ydc5-zfg6
5
vulnerability VCID-8dad-dvat-1fg4
6
vulnerability VCID-a6sp-18av-wya6
7
vulnerability VCID-c8b5-d83n-nuhw
8
vulnerability VCID-es1t-7196-4kbb
9
vulnerability VCID-g5q6-7uav-sqh1
10
vulnerability VCID-gsx2-9sc2-3fbr
11
vulnerability VCID-hppf-a715-r7b2
12
vulnerability VCID-mnkw-23eu-bkgc
13
vulnerability VCID-s5ah-tf63-a7cw
14
vulnerability VCID-t684-yp58-hkg8
15
vulnerability VCID-wg3a-j2dp-ayh4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.14.2
aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jv-4ga2-7kd1
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rails@0.9.2