Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/169014?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/169014?format=api", "purl": "pkg:rpm/redhat/wmi@1.3.14-1?arch=el6cf", "type": "rpm", "namespace": "redhat", "name": "wmi", "version": "1.3.14-1", "qualifiers": { "arch": "el6cf" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37587?format=api", "vulnerability_id": "VCID-3djc-6nq8-43er", "summary": "Possible DoS Vulnerability\nA carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `\"some string #{user_input}\" % some_number`", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.80304", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.80332", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.80329", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/118", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/118" }, { "reference_url": "https://github.com/advisories/GHSA-rg5m-3fqp-6px8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg5m-3fqp-6px8" }, { "reference_url": "https://github.com/rails/rails/tree/main/actionmailer", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/actionmailer" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389" }, { "reference_url": "https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2887" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913", "reference_id": "1013913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4389", "GHSA-rg5m-3fqp-6px8", "OSV-98629" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3djc-6nq8-43er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37769?format=api", "vulnerability_id": "VCID-am86-p4wh-wkh7", "summary": "Arbitrary file existence disclosure\nSpecially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2015:1100", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2015:1100" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-7819" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73498", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73456", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73493", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7819" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7819" }, { "reference_url": "https://github.com/advisories/GHSA-33pp-3763-mrfp", "reference_id": "GHSA-33pp-3763-mrfp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33pp-3763-mrfp" } ], "fixed_packages": [], "aliases": [ "CVE-2014-7819", "GHSA-33pp-3763-mrfp", "OSV-113965" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am86-p4wh-wkh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37845?format=api", "vulnerability_id": "VCID-ec4f-bg8b-x7ef", "summary": "Log Plaintext Password Local Disclosure\nREST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20545", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20486", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20559", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448" }, { "reference_url": "https://github.com/rest-client/rest-client", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client" }, { "reference_url": "https://github.com/rest-client/rest-client/issues/349", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client/issues/349" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3448", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3448" }, { "reference_url": "https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415" }, { "reference_url": "http://www.osvdb.org/show/osvdb/117461", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/show/osvdb/117461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240982", "reference_id": "1240982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240982" }, { "reference_url": "https://github.com/advisories/GHSA-mx9f-w8qq-q5jf", "reference_id": "GHSA-mx9f-w8qq-q5jf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mx9f-w8qq-q5jf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [], "aliases": [ "CVE-2015-3448", "GHSA-mx9f-w8qq-q5jf" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec4f-bg8b-x7ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37601?format=api", "vulnerability_id": "VCID-hdmz-kfek-eyer", "summary": "Reflective XSS Vulnerability\nWhen a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2015:1100", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2015:1100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0320", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0380", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0380" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4492" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63778", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.6377", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4492" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492" }, { "reference_url": "https://github.com/advisories/GHSA-r5hc-9xx5-97rw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5hc-9xx5-97rw" }, { "reference_url": "https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml" }, { "reference_url": "https://github.com/svenfuchs/i18n", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/i18n" }, { "reference_url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998" }, { "reference_url": "https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ" }, { "reference_url": "https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2830" }, { "reference_url": "http://www.securityfocus.com/bid/64076", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/64076" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492", "reference_id": "CVE-2013-4492", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4492", "GHSA-r5hc-9xx5-97rw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdmz-kfek-eyer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38754?format=api", "vulnerability_id": "VCID-jx3q-cxcq-9bgq", "summary": "Session fixation vulnerability via Set-Cookie headers\nThe package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03723", "scoring_system": "epss", "scoring_elements": "0.88212", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03723", "scoring_system": "epss", "scoring_elements": "0.88209", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03723", "scoring_system": "epss", "scoring_elements": "0.88189", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1820" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820" }, { "reference_url": "https://github.com/rest-client/rest-client", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client" }, { "reference_url": "https://github.com/rest-client/rest-client/issues/369", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rest-client/rest-client/issues/369" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1820", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1820" }, { "reference_url": "https://rubygems.org/gems/rest-client/versions/1.6.1.a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/rest-client/versions/1.6.1.a" }, { "reference_url": "https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/24/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/24/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238", "reference_id": "781238", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238" }, { "reference_url": "https://github.com/advisories/GHSA-3fhf-6939-qg8p", "reference_id": "GHSA-3fhf-6939-qg8p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3fhf-6939-qg8p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [], "aliases": [ "CVE-2015-1820", "GHSA-3fhf-6939-qg8p", "OSV-119878" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jx3q-cxcq-9bgq" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/wmi@1.3.14-1%3Farch=el6cf" }