{"url":"http://public2.vulnerablecode.io/api/packages/325078?format=json","purl":"pkg:gem/activerecord@3.1","type":"gem","namespace":"","name":"activerecord","version":"3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.1.5.2","latest_non_vulnerable_version":"8.0.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200410?format=json","vulnerability_id":"VCID-18n5-8cur-m7ae","summary":"Active Record vulnerable to SQL Injection via nested query parameters","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2661","reference_id":"","reference_type":"","scores":[{"value":"0.00627","scoring_system":"epss","scoring_elements":"0.70805","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00627","scoring_system":"epss","scoring_elements":"0.70715","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661"},{"reference_url":"https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827363","reference_id":"827363","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827363"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2661","reference_id":"CVE-2012-2661","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2661"},{"reference_url":"https://github.com/advisories/GHSA-fh39-v733-mxfr","reference_id":"GHSA-fh39-v733-mxfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh39-v733-mxfr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12972?format=json","purl":"pkg:gem/activerecord@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/406533?format=json","purl":"pkg:gem/activerecord@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18n5-8cur-m7ae"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-72jm-58dq-mub5"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/12953?format=json","purl":"pkg:gem/activerecord@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4"}],"aliases":["CVE-2012-2661","GHSA-fh39-v733-mxfr","OSV-82403"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18n5-8cur-m7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/493?format=json","vulnerability_id":"VCID-3qsf-qm7w-y7be","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577","reference_id":"","reference_type":"","scores":[{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.79447","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.7938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957","reference_id":"1301957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577","reference_id":"CVE-2015-7577","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml","reference_id":"CVE-2015-7577.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml"},{"reference_url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447","reference_id":"GHSA-xrr6-3pc4-m447","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12631?format=json","purl":"pkg:gem/activerecord@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12725?format=json","purl":"pkg:gem/activerecord@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12757?format=json","purl":"pkg:gem/activerecord@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12686?format=json","purl":"pkg:gem/activerecord@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1"}],"aliases":["CVE-2015-7577","GHSA-xrr6-3pc4-m447"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qsf-qm7w-y7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178544?format=json","vulnerability_id":"VCID-3ser-nhqn-mbar","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0155","reference_id":"","reference_type":"","scores":[{"value":"0.18174","scoring_system":"epss","scoring_elements":"0.95355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.18174","scoring_system":"epss","scoring_elements":"0.95341","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://www.debian.org/security/2013/dsa-2609","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2609"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=892866","reference_id":"892866","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=892866"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0155","reference_id":"CVE-2013-0155","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0155"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml","reference_id":"CVE-2013-0155.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml"},{"reference_url":"https://github.com/advisories/GHSA-gppp-5xc5-wfpx","reference_id":"GHSA-gppp-5xc5-wfpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gppp-5xc5-wfpx"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12820?format=json","purl":"pkg:gem/activerecord@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/406533?format=json","purl":"pkg:gem/activerecord@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18n5-8cur-m7ae"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-72jm-58dq-mub5"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/12841?format=json","purl":"pkg:gem/activerecord@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11"}],"aliases":["CVE-2013-0155","GHSA-gppp-5xc5-wfpx","OSV-89025"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ser-nhqn-mbar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200350?format=json","vulnerability_id":"VCID-72jm-58dq-mub5","summary":"Action Pack contains database-query restrictions bypass","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36816","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36637","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b"},{"reference_url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml"},{"reference_url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353","reference_id":"827353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660","reference_id":"CVE-2012-2660","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml"},{"reference_url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf","reference_id":"GHSA-hgpp-pp89-4fgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12972?format=json","purl":"pkg:gem/activerecord@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/406533?format=json","purl":"pkg:gem/activerecord@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18n5-8cur-m7ae"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-72jm-58dq-mub5"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/12953?format=json","purl":"pkg:gem/activerecord@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4"}],"aliases":["CVE-2012-2660","GHSA-hgpp-pp89-4fgf","OSV-82610"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72jm-58dq-mub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179831?format=json","vulnerability_id":"VCID-pbgu-3zaj-ukay","summary":"A vulnerability in Active Record could allow a remote attacker to\n    inject SQL commands.","references":[{"reference_url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0220.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0220.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6496","reference_id":"","reference_type":"","scores":[{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77607","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77676","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6496"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=889649","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=889649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201401-22.xml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201401-22.xml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6496","reference_id":"CVE-2012-6496","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6496"},{"reference_url":"https://github.com/advisories/GHSA-gh2w-j7cx-2664","reference_id":"GHSA-gh2w-j7cx-2664","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh2w-j7cx-2664"},{"reference_url":"https://security.gentoo.org/glsa/201401-22","reference_id":"GLSA-201401-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0220","reference_id":"RHSA-2013:0220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12866?format=json","purl":"pkg:gem/activerecord@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/406533?format=json","purl":"pkg:gem/activerecord@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18n5-8cur-m7ae"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-72jm-58dq-mub5"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/12895?format=json","purl":"pkg:gem/activerecord@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10"}],"aliases":["CVE-2012-6496","GHSA-gh2w-j7cx-2664","OSV-88661"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbgu-3zaj-ukay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200367?format=json","vulnerability_id":"VCID-rd4z-yncp-qkfu","summary":"activerecord vulnerable to SQL Injection","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2695","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.71058","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70968","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2695"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831573","reference_id":"831573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831573"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2695","reference_id":"CVE-2012-2695","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2695"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml","reference_id":"CVE-2012-2695.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml"},{"reference_url":"https://github.com/advisories/GHSA-76wq-xw4h-f8wj","reference_id":"GHSA-76wq-xw4h-f8wj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-76wq-xw4h-f8wj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12955?format=json","purl":"pkg:gem/activerecord@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/12936?format=json","purl":"pkg:gem/activerecord@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-hh3w-dxkg-8ygx"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6"}],"aliases":["CVE-2012-2695","GHSA-76wq-xw4h-f8wj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4z-yncp-qkfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178549?format=json","vulnerability_id":"VCID-rhyd-xbpb-wufa","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0699.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0699.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0699","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1854","reference_id":"","reference_type":"","scores":[{"value":"0.01795","scoring_system":"epss","scoring_elements":"0.83232","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01795","scoring_system":"epss","scoring_elements":"0.83171","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE"},{"reference_url":"https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1854","reference_id":"CVE-2013-1854","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1854"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1854","reference_id":"CVE-2013-1854","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1854"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml","reference_id":"CVE-2013-1854.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml"},{"reference_url":"https://github.com/advisories/GHSA-3crr-9vmg-864v","reference_id":"GHSA-3crr-9vmg-864v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3crr-9vmg-864v"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12780?format=json","purl":"pkg:gem/activerecord@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/12867?format=json","purl":"pkg:gem/activerecord@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-rhyd-xbpb-wufa"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-sth3-da79-67bt"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13"}],"aliases":["CVE-2013-1854","GHSA-3crr-9vmg-864v","OSV-91453"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhyd-xbpb-wufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178540?format=json","vulnerability_id":"VCID-u2gv-wvdc-tfbs","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2930","reference_id":"","reference_type":"","scores":[{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.7686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76929","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2930"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731438","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2930","reference_id":"CVE-2011-2930","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2930"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml","reference_id":"CVE-2011-2930.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml"},{"reference_url":"https://github.com/advisories/GHSA-h6w6-xmqv-7q78","reference_id":"GHSA-h6w6-xmqv-7q78","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6w6-xmqv-7q78"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-2930","GHSA-h6w6-xmqv-7q78"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2gv-wvdc-tfbs"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1"}