{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","type":"deb","namespace":"debian","name":"rails","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.1.5-1","latest_non_vulnerable_version":"2:7.2.3.1+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27093?format=json","vulnerability_id":"VCID-1b9z-efz6-9fdu","summary":"actionpack Improper Input Validation vulnerability\nThe template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.7458","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929"},{"reference_url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q","reference_id":"GHSA-r7q2-5gqg-6c7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-2929","GHSA-r7q2-5gqg-6c7q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b9z-efz6-9fdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26543?format=json","vulnerability_id":"VCID-1xbd-73qv-mff9","summary":"actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7707","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424"},{"reference_url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711","reference_id":"843711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711"},{"reference_url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj","reference_id":"GHSA-92w9-2pqw-rhjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3424","GHSA-92w9-2pqw-rhjj","OSV-84243"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbd-73qv-mff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26815?format=json","vulnerability_id":"VCID-3rn4-abmh-nkhv","summary":"actionpack allows bypass of database-query restrictions\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66784","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/403","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/403"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036409","reference_id":"1036409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036409"},{"reference_url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r","reference_id":"GHSA-wpw7-wxjm-cw8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0469","reference_id":"RHSA-2014:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0469"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6417","GHSA-wpw7-wxjm-cw8r","OSV-100527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rn4-abmh-nkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27036?format=json","vulnerability_id":"VCID-4bzb-ft3d-dkgg","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_tag_helper.rb` in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the `prompt` field to the `select_tag` helper.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56331","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463"},{"reference_url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196","reference_id":"847196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196"},{"reference_url":"https://github.com/advisories/GHSA-98mf-8f57-64qf","reference_id":"GHSA-98mf-8f57-64qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98mf-8f57-64qf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3463","GHSA-98mf-8f57-64qf","OSV-84515"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bzb-ft3d-dkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41310?format=json","vulnerability_id":"VCID-4w1v-z4zj-6ydp","summary":"Untrusted users can run pending migrations in production in Rails\nThere is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.\n\nThis vulnerability has been assigned the CVE identifier CVE-2020-8185.\n\nVersions Affected:  6.0.0 < rails < 6.0.3.2\nNot affected:       Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)\nFixed Versions:     rails >= 6.0.3.2\n\nImpact\n------\n\nUsing this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:\n\n`config.middleware.delete ActionDispatch::ActionableExceptions`","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8185","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.7189","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8185"},{"reference_url":"https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"},{"reference_url":"https://hackerone.com/reports/899069","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/899069"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8185","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852380","reference_id":"1852380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081","reference_id":"964081","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081"},{"reference_url":"https://github.com/advisories/GHSA-c6qr-h5vq-59jc","reference_id":"GHSA-c6qr-h5vq-59jc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6qr-h5vq-59jc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-8185","GHSA-c6qr-h5vq-59jc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4w1v-z4zj-6ydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26679?format=json","vulnerability_id":"VCID-5pfg-7ntp-eff4","summary":"Cross-site Scripting vulnerability in i18n translations helper method\nCross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an \"html\" substring.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain"},{"reference_url":"http://openwall.com/lists/oss-security/2011/11/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/11/18/8"},{"reference_url":"http://osvdb.org/77199","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/77199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70015","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319"},{"reference_url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722"},{"reference_url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released"},{"reference_url":"http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/50722"},{"reference_url":"http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1026342"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=755004","reference_id":"755004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=755004"},{"reference_url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc","reference_id":"GHSA-xxr8-833v-c7wc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4319","GHSA-xxr8-833v-c7wc","OSV-77199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pfg-7ntp-eff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26687?format=json","vulnerability_id":"VCID-5psk-hzaf-1kbz","summary":"actionpack vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/translation_helper.rb` in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72631","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/401","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/401"},{"reference_url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036922","reference_id":"1036922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4491","GHSA-699m-mcjm-9cw8","OSV-100528"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5psk-hzaf-1kbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10670?format=json","vulnerability_id":"VCID-6k4p-91ka-juh5","summary":"Rails has possible Sensitive Session Information Leak in Active Storage\n# Possible Sensitive Session Information Leak in Active Storage\n\nThere is a possible sensitive session information leak in Active Storage.  By\ndefault, Active Storage sends a `Set-Cookie` header along with the user's\nsession cookie when serving blobs.  It also sets `Cache-Control` to public.\nCertain proxies may cache the Set-Cookie, leading to an information leak.\n\nThis vulnerability has been assigned the CVE identifier CVE-2024-26144.\n\nVersions Affected:  >= 5.2.0, < 7.1.0\nNot affected:       < 5.2.0, > 7.1.0\nFixed Versions:     7.0.8.1, 6.1.7.7\n\nImpact\n------\nA proxy which chooses to caches this request can cause users to share\nsessions. This may include a user receiving an attacker's session or vice\nversa.\n\nThis was patched in 7.1.0 but not previously identified as a security\nvulnerability.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUpgrade to Rails 7.1.X, or configure caching proxies not to cache the\nSet-Cookie headers.\n\nCredits\n-------\n\nThanks to [tyage](https://hackerone.com/tyage) for reporting this!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26144","reference_id":"","reference_type":"","scores":[{"value":"0.04252","scoring_system":"epss","scoring_elements":"0.88981","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26144"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/"}],"url":"https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433"},{"reference_url":"https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/"}],"url":"https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26144","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26144"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0013","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240510-0013"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119","reference_id":"1065119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266063","reference_id":"2266063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266063"},{"reference_url":"https://github.com/advisories/GHSA-8h22-8cf7-hq6g","reference_id":"GHSA-8h22-8cf7-hq6g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8h22-8cf7-hq6g"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0013/","reference_id":"ntap-20240510-0013","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0013/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359865?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359866?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-26144","GHSA-8h22-8cf7-hq6g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6k4p-91ka-juh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27165?format=json","vulnerability_id":"VCID-7fe5-pa3v-wfcq","summary":"actionmailer email address processing causes Denial of service\nMultiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4389","reference_id":"","reference_type":"","scores":[{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80273","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/118","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/118"},{"reference_url":"https://github.com/advisories/GHSA-rg5m-3fqp-6px8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg5m-3fqp-6px8"},{"reference_url":"https://github.com/rails/rails/tree/main/actionmailer","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/actionmailer"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4389","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4389"},{"reference_url":"https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ"},{"reference_url":"http://www.debian.org/security/2014/dsa-2887","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2887"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013913","reference_id":"1013913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013913"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4389","GHSA-rg5m-3fqp-6px8","OSV-98629"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fe5-pa3v-wfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26734?format=json","vulnerability_id":"VCID-8umt-dz29-p3ck","summary":"Active Record vulnerable to SQL Injection via nested query parameters\nThe Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2661","reference_id":"","reference_type":"","scores":[{"value":"0.00627","scoring_system":"epss","scoring_elements":"0.70556","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661"},{"reference_url":"https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2661","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827363","reference_id":"827363","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827363"},{"reference_url":"https://github.com/advisories/GHSA-fh39-v733-mxfr","reference_id":"GHSA-fh39-v733-mxfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh39-v733-mxfr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2661","GHSA-fh39-v733-mxfr","OSV-82403"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8umt-dz29-p3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13669?format=json","vulnerability_id":"VCID-amxp-1d77-h7hc","summary":"ActionText ContentAttachment can Contain Unsanitized HTML\nInstances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.\n\nThis has been assigned the CVE identifier CVE-2024-32464.\n\n\nVersions Affected:  >= 7.1.0\nNot affected:       < 7.1.0\nFixed Versions:     7.1.3.4\n\nImpact\n------\nThis could lead to a potential cross site scripting issue within the Trix editor.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nN/A\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.\n\n* action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series\n\n\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32464","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51597","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32464"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/"}],"url":"https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32464","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32464"},{"reference_url":"https://github.com/advisories/GHSA-prjp-h48f-jgf6","reference_id":"GHSA-prjp-h48f-jgf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prjp-h48f-jgf6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-32464","GHSA-prjp-h48f-jgf6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amxp-1d77-h7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13731?format=json","vulnerability_id":"VCID-b7z5-h1bw-tya9","summary":"Missing security headers in Action Pack on non-HTML responses\n# Permissions-Policy is Only Served on HTML Content-Type\n\nThe application configurable Permissions-Policy is only served on responses\nwith an HTML related Content-Type.\n\nThis has been assigned the CVE identifier CVE-2024-28103.\n\n\nVersions Affected:  >= 6.1.0\nNot affected:       < 6.1.0\nFixed Versions:     6.1.7.8, 7.0.8.4, and 7.1.3.4\n\nImpact\n------\nResponses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nN/A\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe supported release series in accordance with our \n[maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues)\nregarding security issues. They are in git-am format and consist of a\nsingle changeset.\n\n* 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series\n* 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series\n* 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series\n\n\n\nCredits\n-------\n\nThank you [shinkbr](https://hackerone.com/shinkbr) for reporting this!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28103","reference_id":"","reference_type":"","scores":[{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74889","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/"}],"url":"https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28103","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28103"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241206-0002","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241206-0002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705","reference_id":"1072705","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290530","reference_id":"2290530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290530"},{"reference_url":"https://github.com/advisories/GHSA-fwhr-88qx-h9g7","reference_id":"GHSA-fwhr-88qx-h9g7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwhr-88qx-h9g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359865?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359866?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-28103","GHSA-fwhr-88qx-h9g7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7z5-h1bw-tya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26991?format=json","vulnerability_id":"VCID-cs1f-uhb2-xkcm","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6416","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46624","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6416"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/404","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/404"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6416","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6416"},{"reference_url":"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036914","reference_id":"1036914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036914"},{"reference_url":"https://github.com/advisories/GHSA-w37c-q653-qg95","reference_id":"GHSA-w37c-q653-qg95","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w37c-q653-qg95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6416","GHSA-w37c-q653-qg95","OSV-100526"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs1f-uhb2-xkcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26536?format=json","vulnerability_id":"VCID-ejgq-s79w-abd6","summary":"rails Cross-site Scripting vulnerability\nThe cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html"},{"reference_url":"http://openwall.com/lists/oss-security/2011/06/09/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/06/09/2"},{"reference_url":"http://openwall.com/lists/oss-security/2011/06/13/9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/06/13/9"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2197","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63551","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2197"},{"reference_url":"http://secunia.com/advisories/44789","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44789"},{"reference_url":"https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd"},{"reference_url":"https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2197","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2197"},{"reference_url":"http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications"},{"reference_url":"https://github.com/advisories/GHSA-v9v4-7jp6-8c73","reference_id":"GHSA-v9v4-7jp6-8c73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9v4-7jp6-8c73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-2197","GHSA-v9v4-7jp6-8c73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejgq-s79w-abd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49212?format=json","vulnerability_id":"VCID-fr3w-ejk8-47gw","summary":"Cross site scripting in actionpack Rubygem\nA cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1497","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55931","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1497"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG"},{"reference_url":"https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d"},{"reference_url":"https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1497","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1497"},{"reference_url":"https://www.openwall.com/lists/oss-security/2011/04/06/13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2011/04/06/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015262","reference_id":"2015262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015262"},{"reference_url":"https://github.com/advisories/GHSA-q58j-fmvf-9rq6","reference_id":"GHSA-q58j-fmvf-9rq6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q58j-fmvf-9rq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1497","GHSA-q58j-fmvf-9rq6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fr3w-ejk8-47gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45383?format=json","vulnerability_id":"VCID-n7ga-1sx4-yfcv","summary":"rubygem-actionpack: Possible Open Redirect Vulnerability in Action Pack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22903","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2653","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22903"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0"},{"reference_url":"https://hackerone.com/reports/1148025","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1148025"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22903","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957438","reference_id":"1957438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957438"},{"reference_url":"https://security.archlinux.org/AVG-1919","reference_id":"AVG-1919","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1919"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-22903","GHSA-5hq2-xf89-9jxq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7ga-1sx4-yfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26994?format=json","vulnerability_id":"VCID-nax4-x97j-9fgr","summary":"actionpack Improper Input Validation vulnerability\n`actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98724","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/400","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/400"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836"},{"reference_url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036483","reference_id":"1036483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036483"},{"reference_url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q","reference_id":"GHSA-mpxf-gcw2-pw5q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6414","GHSA-mpxf-gcw2-pw5q","OSV-100525"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nax4-x97j-9fgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10407?format=json","vulnerability_id":"VCID-ndth-atqq-53gq","summary":"Rails has possible XSS Vulnerability in Action Controller\n# Possible XSS Vulnerability in Action Controller\n\nThere is a possible XSS vulnerability when using the translation helpers\n(`translate`, `t`, etc) in Action Controller. This vulnerability has been\nassigned the CVE identifier CVE-2024-26143.\n\nVersions Affected:  >= 7.0.0.\nNot affected:       < 7.0.0\nFixed Versions:     7.1.3.1, 7.0.8.1\n\nImpact\n------\nApplications using translation methods like `translate`, or `t` on a\ncontroller, with a key ending in \"_html\", a `:default` key which contains\nuntrusted user input, and the resulting string is used in a view, may be\nsusceptible to an XSS vulnerability.\n\nFor example, impacted code will look something like this:\n\n```ruby\nclass ArticlesController < ApplicationController\n  def show  \n    @message = t(\"message_html\", default: untrusted_input)\n    # The `show` template displays the contents of `@message`\n  end\nend\n```\n\nTo reiterate the pre-conditions, applications must:\n\n* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from\n  a view)\n* Use a key that ends in `_html`\n* Use a default value where the default value is untrusted and unescaped input\n* Send the text to the victim (whether that's part of a template, or a\n  `render` call)\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n*  7-0-translate-xss.patch - Patch for 7.0 series\n*  7-1-translate-xss.patch - Patch for 7.1 series\n\nCredits\n-------\n\nThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26143","reference_id":"","reference_type":"","scores":[{"value":"0.02067","scoring_system":"epss","scoring_elements":"0.8421","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26143"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc"},{"reference_url":"https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26143","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26143"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0004","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240510-0004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266388","reference_id":"2266388","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266388"},{"reference_url":"https://github.com/advisories/GHSA-9822-6m93-xqf4","reference_id":"GHSA-9822-6m93-xqf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9822-6m93-xqf4"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0004/","reference_id":"ntap-20240510-0004","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-26143","GHSA-9822-6m93-xqf4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndth-atqq-53gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7604?format=json","vulnerability_id":"VCID-nmz3-ux68-dkfd","summary":"Rails: Action Pack: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33167","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06147","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0"},{"reference_url":"https://github.com/rails/rails/releases/tag/v8.1.2.1","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/releases/tag/v8.1.2.1"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33167","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450552","reference_id":"2450552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33167","GHSA-pgm4-439c-5jp6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmz3-ux68-dkfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26598?format=json","vulnerability_id":"VCID-nnka-c23v-qub7","summary":"actionpack vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `number_to_currency` helper in `actionpack/lib/action_view/helpers/number_helper.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.8147","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/402","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/402"},{"reference_url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6415"},{"reference_url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036910","reference_id":"1036910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6415","GHSA-6h5q-96hp-9jgm","OSV-100524"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnka-c23v-qub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27148?format=json","vulnerability_id":"VCID-qv5s-vase-2qas","summary":"Array data injection vulnerability in activerecord\nSQL injection vulnerability in `activerecord/lib/active_record/connection_adapters/postgresql/cast.rb` in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute \"add data\" SQL commands via vectors involving `\\` (backslash) characters that are not properly handled in operations on array columns.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/9"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0080","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48216","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0080"},{"reference_url":"https://github.com/advisories/GHSA-hqf9-rc9j-5fmj","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqf9-rc9j-5fmj"},{"reference_url":"https://github.com/rails/rails/tree/main/activerecord","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/activerecord"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0080","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0080"},{"reference_url":"https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065517","reference_id":"1065517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065517"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0080","GHSA-hqf9-rc9j-5fmj","OSV-103438"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv5s-vase-2qas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10072?format=json","vulnerability_id":"VCID-v2hk-dfbe-5khc","summary":"Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n\nThere is a possible ReDoS vulnerability in the Accept header parsing routines\nof Action Dispatch. This vulnerability has been assigned the CVE identifier\nCVE-2024-26142.\n\nVersions Affected:  >= 7.1.0, < 7.1.3.1\nNot affected:       < 7.1.0\nFixed Versions:     7.1.3.1\n\nImpact\n------\nCarefully crafted Accept headers can cause Accept header parsing in Action\nDispatch to take an unexpected amount of time, possibly resulting in a DoS\nvulnerability.  All users running an affected release should either upgrade or\nuse one of the workarounds immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby\n3.2 or newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 7-1-accept-redox.patch - Patch for 7.1 series\n\nCredits\n-------\nThanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26142","reference_id":"","reference_type":"","scores":[{"value":"0.03542","scoring_system":"epss","scoring_elements":"0.87875","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26142"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26142","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266324","reference_id":"2266324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266324"},{"reference_url":"https://github.com/advisories/GHSA-jjhx-jhvp-74wq","reference_id":"GHSA-jjhx-jhvp-74wq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjhx-jhvp-74wq"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240503-0003/","reference_id":"ntap-20240503-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240503-0003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-26142","GHSA-jjhx-jhvp-74wq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2hk-dfbe-5khc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27199?format=json","vulnerability_id":"VCID-xmwx-eqjn-pba9","summary":"Rails activerecord gem has Improper Input Validation vulnerability\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3933","reference_id":"","reference_type":"","scores":[{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72613","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3933"},{"reference_url":"http://secunia.com/advisories/41930","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41930"},{"reference_url":"http://securitytracker.com/id?1024624","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1024624"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae"},{"reference_url":"https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3933","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3933"},{"reference_url":"https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930"},{"reference_url":"https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624"},{"reference_url":"http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2719","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2719"},{"reference_url":"https://github.com/advisories/GHSA-gjxw-5w2q-7grf","reference_id":"GHSA-gjxw-5w2q-7grf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjxw-5w2q-7grf"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2010-3933","GHSA-gjxw-5w2q-7grf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwx-eqjn-pba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26676?format=json","vulnerability_id":"VCID-y922-r53a-rke5","summary":"activerecord vulnerable to SQL Injection\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0448","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72088","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0448"},{"reference_url":"http://secunia.com/advisories/43278","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43278"},{"reference_url":"http://securitytracker.com/id?1025063","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025063"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0448","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0448"},{"reference_url":"https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://github.com/advisories/GHSA-jmm9-2p29-vh2w","reference_id":"GHSA-jmm9-2p29-vh2w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmm9-2p29-vh2w"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0448","GHSA-jmm9-2p29-vh2w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y922-r53a-rke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41514?format=json","vulnerability_id":"VCID-yu7a-v8cu-gya3","summary":"Information disclosure issue in Active Resource\nThere is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8151","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52312","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/activeresource","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/activeresource"},{"reference_url":"https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e"},{"reference_url":"https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8151","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8151"},{"reference_url":"https://github.com/advisories/GHSA-46j2-xjgp-jrfm","reference_id":"GHSA-46j2-xjgp-jrfm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46j2-xjgp-jrfm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-8151","GHSA-46j2-xjgp-jrfm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu7a-v8cu-gya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36073?format=json","vulnerability_id":"VCID-z277-4dtj-zfbz","summary":"Open Redirect Vulnerability in Action Pack\nThere is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797.\n\nVersions Affected: >= 7.0.0 Not affected: < 7.0.0 Fixed Versions: 7.0.4.1\nImpact \n\nThere is a possible open redirect when using the redirect_to helper with untrusted user input.\n\nVulnerable code will look like this:\n```\nredirect_to(params[:some_param])\n```\n\nRails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could be bypassed by a carefully crafted URL.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\nReleases\n\nThe FIXED releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    7-0-Fix-sec-issue-with-_url_host_allowed.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22797","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36547","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22797"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:07:07Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22797","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22797"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164793","reference_id":"2164793","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164793"},{"reference_url":"https://github.com/advisories/GHSA-9445-4cr6-336r","reference_id":"GHSA-9445-4cr6-336r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9445-4cr6-336r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-22797","GHSA-9445-4cr6-336r","GMS-2023-57"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z277-4dtj-zfbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26528?format=json","vulnerability_id":"VCID-z8t9-md9f-qfde","summary":"activesupport Improper Input Validation vulnerability\nThe `ActiveSupport::XmlMini_JDOM` backend in `lib/active_support/xml_mini/jdom.rb` in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1856","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.7247","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1856"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1856","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1856"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856","reference_id":"","reference_type":"","scores":[],"url":"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/03/18/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/03/18/4"},{"reference_url":"https://github.com/advisories/GHSA-9c2j-593q-3g82","reference_id":"GHSA-9c2j-593q-3g82","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c2j-593q-3g82"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1856","GHSA-9c2j-593q-3g82","OSV-91451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8t9-md9f-qfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26868?format=json","vulnerability_id":"VCID-zapd-uts9-zfch","summary":"actionpack allows remote attackers to bypass intended access restrictions\n`actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0449","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68408","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0449"},{"reference_url":"http://secunia.com/advisories/43278","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43278"},{"reference_url":"http://securitytracker.com/id?1025061","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025061"},{"reference_url":"https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b"},{"reference_url":"https://github.com/rails/rails/tree/main/actionpack","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/actionpack"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0449","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0449"},{"reference_url":"https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://github.com/advisories/GHSA-4ww3-3rxj-8v6q","reference_id":"GHSA-4ww3-3rxj-8v6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4ww3-3rxj-8v6q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359837?format=json","purl":"pkg:deb/debian/rails@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0449","GHSA-4ww3-3rxj-8v6q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zapd-uts9-zfch"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie"}