{"url":"http://public2.vulnerablecode.io/api/packages/359847?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie","type":"deb","namespace":"debian","name":"rails","version":"2:4.2.7.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:5.2.0+dfsg-2","latest_non_vulnerable_version":"2:7.2.3.1+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27196?format=json","vulnerability_id":"VCID-b4sv-b9pz-r7er","summary":"actionview Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82169","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316"},{"reference_url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430"},{"reference_url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3651","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3651"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365008","reference_id":"1365008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155","reference_id":"834155","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155"},{"reference_url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj","reference_id":"GHSA-pc3m-v286-2jwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1855","reference_id":"RHSA-2016:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1856","reference_id":"RHSA-2016:1856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1857","reference_id":"RHSA-2016:1857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1858","reference_id":"RHSA-2016:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359847?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6316","GHSA-pc3m-v286-2jwj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4sv-b9pz-r7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26791?format=json","vulnerability_id":"VCID-cbdn-yhbu-5uaj","summary":"ActiveRecord in Ruby on Rails allows database-query bypass\nActive Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6317","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59771","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6317","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6317"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365017","reference_id":"1365017","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365017"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154","reference_id":"834154","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154"},{"reference_url":"https://github.com/advisories/GHSA-pr3r-4wrp-r2pv","reference_id":"GHSA-pr3r-4wrp-r2pv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr3r-4wrp-r2pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1855","reference_id":"RHSA-2016:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359847?format=json","purl":"pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359826?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359824?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359828?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ghz-4sfg-2feh"},{"vulnerability":"VCID-5bzk-rhe1-fqdc"},{"vulnerability":"VCID-7zz5-k99f-v3f6"},{"vulnerability":"VCID-f48b-ashx-53bg"},{"vulnerability":"VCID-gbvf-y28h-kqax"},{"vulnerability":"VCID-hdsb-jx4g-fqf6"},{"vulnerability":"VCID-nwk7-sujd-nkc1"},{"vulnerability":"VCID-urpb-uk1z-vqga"},{"vulnerability":"VCID-v3mu-95kt-ufc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/359827?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6317","GHSA-pr3r-4wrp-r2pv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdn-yhbu-5uaj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie"}