{"url":"http://public2.vulnerablecode.io/api/packages/175807?format=json","purl":"pkg:rpm/redhat/ruby193-rubygem-actionpack@1:3.2.8-5?arch=el6","type":"rpm","namespace":"redhat","name":"ruby193-rubygem-actionpack","version":"1:3.2.8-5","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114077?format=json","vulnerability_id":"VCID-4f3y-uu2b-uqfa","summary":"OpenShift Enterprise and Online vulnerable to CSRF attack with REST API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0196","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28884","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=901364","reference_id":"901364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=901364"}],"fixed_packages":[],"aliases":["CVE-2013-0196"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4f3y-uu2b-uqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37516?format=json","vulnerability_id":"VCID-kt2t-d3bx-jydv","summary":"XSS vulnerability in sanitize_css in Action Pack\nCarefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0698","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1855"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2013-1855","GHSA-q759-hwvc-m3jg","OSV-91452"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2t-d3bx-jydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37513?format=json","vulnerability_id":"VCID-qmvt-9qth-77a6","summary":"XSS Vulnerability in the `sanitize` helper\nThe `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70564","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921335","reference_id":"921335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921335"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2013-1857","GHSA-j838-vfpq-fmf2","OSV-91454"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmvt-9qth-77a6"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby193-rubygem-actionpack@1:3.2.8-5%3Farch=el6"}