{"url":"http://public2.vulnerablecode.io/api/packages/379213?format=json","purl":"pkg:gem/actionpack@2.0.1","type":"gem","namespace":"","name":"actionpack","version":"2.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.1.2.1","latest_non_vulnerable_version":"8.1.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26752?format=json","vulnerability_id":"VCID-123f-6px7-3qdg","summary":"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` (dot dot) in a pathname.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/
A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/o
pensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"0.90494","scoring_system":"epss","scoring_elements":"0.99626","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db
/blob/master/gems/actionview/CVE-2016-0752.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752"},{"reference_url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw
?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801"},{"reference_url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"},{"reference_url":"https://www.exploit-db.com/exploits/40561","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual
","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40561"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/13"},{"reference_url":"http://www.securityfocus.com/bid/81801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securityfocus.com/bid/81801"},{"reference_url":"http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securitytracker.com/id/1034816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301963","reference_id":"1301963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301963"},{"reference_url":"https://www.exploit-db.com/exploits/40561/","reference_id":"40561","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://www.exploit-db.com/exploits/40561/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb","reference_id":"CVE-2016-0752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60449?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulner
able":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60450?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru
-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60448?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":
"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"}],"aliases":["CVE-2016-0752","GHSA-xrr4-p6fq-hjg7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-123f-6px7-3qdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27093?format=json","vulnerability_id":"VCID-1b9z-efz6-9fdu","summary":"actionpack Improper Input Validation vulnerability\nThe template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss",
"scoring_elements":"0.7458","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929"},{"reference_url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrai
ls.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q","reference_id":"GHSA-r7q2-5gqg-6c7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-
201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60434?format=json","purl":"pkg:gem/actionpack@3.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vuln
erability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/320327?format=json","purl":"pkg:gem/actionpack@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"}
,{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0"}],"aliases":["CVE-2011-2929","GHSA-r7q2-5gqg-6c7q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b9z-efz6-9fdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26543?format=json","vulnerability_id":"VCID-1xbd-73qv-mff9","summary":"actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` 
method.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7707","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"},{"reference_url":"https
://nvd.nist.gov/vuln/detail/CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424"},{"reference_url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711","reference_id":"843711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=843711"},{"reference_url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj","reference_id":"GHSA-92w9-2pqw-rhjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60295?format=json","purl":"pkg:gem/actionpack@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCI
D-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/60290?format=json","purl":"pkg:gem/actionpack@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability
":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/379452?format=json","purl":"pkg:gem/actionpack@3.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"
vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60291?format=json","purl":"pkg:gem/actionpack@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3
d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/379461?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCI
D-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/60293?format=json","purl":"pkg:gem/ac
tionpack@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/pa
ckages/pkg:gem/actionpack@3.2.7"}],"aliases":["CVE-2012-3424","GHSA-92w9-2pqw-rhjj","OSV-84243"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbd-73qv-mff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26661?format=json","vulnerability_id":"VCID-3edd-m27s-a3ek","summary":"actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","referenc
e_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44664","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a"},{"reference_url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":
"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831581","reference_id":"831581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831581"},{"reference_url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8","reference_id":"GHSA-q34c-48gc-m9g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"http
s://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60353?format=json","purl":"pkg:gem/actionpack@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability
":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/60354?format=json","purl":"pkg:gem/actionpack@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnera
bility":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/60355?format=json","purl":"pkg:gem/actionpack@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vu
lnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6"}],"aliases":["CVE-2012-2694","GHSA-q34c-48gc-m9g8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3edd-m27s-a3ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26815?format=json","vulnerability_id":"VCID-3rn4-abmh-nkhv","summary":"actionpack allows bypass of database-query restrictions\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware.  
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html"},{"refe
rence_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66784","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/403","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/403"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml","ref
erence_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"
},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036409","reference_id":"1036409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036409"},{"reference_url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r","reference_id":"GHSA-wpw7-wxjm-cw8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0469","reference_id":"RHSA-2014:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0469"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60329?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw
-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCI
D-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6417","GHSA-wpw7-wxjm-cw8r","OSV-100527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rn4-abmh-nkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27036?format=json","vulnerability_id":"VCID-4bzb-ft3d-dkgg","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_tag_helper.rb` in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the `prompt` field to the `select_tag` 
helper.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56331","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463"},{"reference_url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual
","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196","reference_id":"847196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847196"},{"reference_url":"https://github.com/advisories/GHSA-98mf-8f57-64qf","reference_id":"GHSA-98mf-8f57-64qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98mf-8f57-64qf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379219?format=json","purl":"pkg:gem/actionpack@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerabilit
y":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/60490?format=json","purl":"pkg:gem/actionpack@3.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulner
ability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/379452?format=json","purl":"pkg:gem/actionpack@3.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3q
dg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60491?for
mat=json","purl":"pkg:gem/actionpack@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/379461?format=json","purl":"pkg:gem/actionpa
ck@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerabilit
y":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/60492?format=json","purl":"pkg:gem/actionpack@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vul
nerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8"}],"aliases":["CVE-2012-3463","GHSA-98mf-8f57-64qf","OSV-84515"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bzb-ft3d-dkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41310?format=json","vulnerability_id":"VCID-4w1v-z4zj-6ydp","summary":"Untrusted users can run pending migrations in production in Rails\nThere is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.\n\nThis vulnerability has been assigned the CVE identifier CVE-2020-8185.\n\nVersions Affected:  6.0.0 < rails < 6.0.3.2\nNot affected:       Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)\nFixed Versions:     rails >= 6.0.3.2\n\nImpact\n------\n\nUsing this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. 
It is important to note that an attacker is limited to running migrations that the application developer has already defined in their application and that have not already run.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should disable the `ActionDispatch::ActionableExceptions` middleware in their production environment via a line such as this one in their config/environments/production.rb:\n\n`config.middleware.delete ActionDispatch::ActionableExceptions`","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8185","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.7189","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8185"},{"reference_url":"https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml"},{"
reference_url":"https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"},{"reference_url":"https://hackerone.com/reports/899069","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/899069"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8185","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020
-8185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852380","reference_id":"1852380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081","reference_id":"964081","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081"},{"reference_url":"https://github.com/advisories/GHSA-c6qr-h5vq-59jc","reference_id":"GHSA-c6qr-h5vq-59jc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6qr-h5vq-59jc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74968?format=json","purl":"pkg:gem/actionpack@6.0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ru-4qks-7yf3"},{"vulnerability":"VCID-4fyg-vxpj-c7d7"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-fdqs-v9b2-53gu"},{"vulnerability":"VCID-fgtd-zx7r-rygb"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mgjg-juur-rfe5"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-uppk-66vw-gbb9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-z16b-zfgu-13a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2"}],"aliases":["CVE-2020-8185","GHSA-c6qr-h5vq-59jc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"re
source_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4w1v-z4zj-6ydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27188?format=json","vulnerability_id":"VCID-58sa-6uag-z7hp","summary":"actionpack Improper Input Validation vulnerability\n`active_support/core_ext/hash/conversions.rb` in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99708","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data
/v1/epss?cve=CVE-2013-0156"},{"reference_url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156"},{"reference_url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","
scoring_elements":""}],"url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2604","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2604"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html"},{"reference_url":"http://www.in
sinuator.net/2013/01/rails-yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.insinuator.net/2013/01/rails-yaml"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml/","reference_id":"","reference_type":"","scores":[],"url":"http://www.insinuator.net/2013/01/rails-yaml/"},{"reference_url":"http://www.kb.cert.org/vuls/id/380039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/380039"},{"reference_url":"http://www.kb.cert.org/vuls/id/628463","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/628463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722","reference_id":"697722","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=892870","reference_id":"892870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=892870"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/","reference_id":"CVE-2013-0156","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.co
m/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb"},{"reference_url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg","reference_id":"GHSA-jmgw-6vjg-jjwg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0153","reference_id":"RHSA-2013:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0155","reference_id":"RHSA-2013:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0155"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60620?format=json","purl":"pkg:gem/actionpack@2.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability"
:"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/60622?format=json","purl":"pkg:gem/actionpack@3.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnera
bility":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/379452?format=json","purl":"pkg:gem/actionpack@3.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3f
k"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60624?format=json","purl":"pkg:gem/actionpack@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g
2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/379461?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerabili
ty":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/60626?format=json","purl":"pkg:gem/actionpack@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"v
ulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11"}],"aliases":["CVE-2013-0156","GHSA-jmgw-6vjg-jjwg","OSV-89026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58sa-6uag-z7hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26589?format=json","vulnerability_id":"VCID-5a2t-fre4-zkay","summary":"Cross-site Scripting in actionpack\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_options_helper.rb` in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT 
elements.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1099","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60937","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799276","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099"},{"reference
_url":"https://github.com/advisories/GHSA-2xjj-5x6h-8vmf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xjj-5x6h-8vmf"},{"reference_url":"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1099","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1099"},{"reference_url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"},{"reference_url":"http://www.debian.org/security/2012/dsa-2466","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2466"},{"reference_url":"http://www.openwall.com/lists/oss-security
/2012/03/02/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/03/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/03/03/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60326?format=json","purl":"pkg:gem/actionpack@3.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka
-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/379452?format=json","purl":"pkg:gem/actionpack@3.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerabilit
y":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60327?format=json","purl":"pkg:gem/actionpack@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"v
ulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/379461?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-
uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/60328?format=json","purl":"pkg:gem/actionpack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-d
d87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2"}],"aliases":["CVE-2012-1099","GHSA-2xjj-5x6h-8vmf","OSV-79727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5a2t-fre4-zkay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26679?format=json","vulnerability_id":"VCID-5pfg-7ntp-eff4","summary":"Cross-site Scripting vulnerability in i18n translations helper method\nCross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an \"html\" 
substring.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain"},{"reference_url":"http://openwall.com/lists/oss-security/2011/11/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/11/18/8"},{"reference_url":"http://osvdb.org/77199","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/77199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70015","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[
{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CV
E-2011-4319","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319"},{"reference_url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722"},{"reference_url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released"},{"reference_url":"http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/50722"},{"reference_url":"http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1026342"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=755004","reference_id":"755004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=755004"},{"reference_url":"https://github.com/advisories/GHSA-xxr8-83
3v-c7wc","reference_id":"GHSA-xxr8-833v-c7wc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60359?format=json","purl":"pkg:gem/actionpack@3.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerabi
lity":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/60360?format=json","purl":"pkg:gem/actionpack@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vul
nerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2"}],"aliases":["CVE-2011-4319","GHSA-xxr8-833v-c7wc","OSV-77199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pfg-7ntp-eff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26687?format=json","vulnerability_id":"VCID-5psk-hzaf-1kbz","summary":"actionpack vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/translation_helper.rb` in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n 
gem.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72631","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","refe
rence_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/401","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/401"},{"reference_url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036922","reference_id":"1036922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60329?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jp
j6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"V
CID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-4491","GHSA-699m-mcjm-9cw8","OSV-100528"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5psk-hzaf-1kbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41466?format=json","vulnerability_id":"VCID-6z21-pd9d-pfgk","summary":"Possible Strong Parameters Bypass in ActionPack\nThere is a strong parameters bypass vector in ActionPack.\n\nVersions Affected:  rails <= 6.0.3\nNot affected:       rails < 5.0.0\nFixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\nIn some cases user supplied information can be inadvertently leaked from\nStrong Parameters.  Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying \"untrusted\" hash of data that was\nread from the parameters.  
Applications that use this return value may\ninadvertently use untrusted user input.\n\nImpacted code will look something like this:\n\n```\ndef update\n  # Attacker has included the parameter: `{ is_admin: true }`\n  User.update(clean_up_params)\nend\n\ndef clean_up_params\n   params.each { |k, v|  SomeModel.check(v) if k == :name }\nend\n```\n\nNote the mistaken use of `each` in the `clean_up_params` method in the above\nexample.\n\nWorkarounds\n-----------\nDo not use the return values of `each`, `each_value`, or `each_pair` in your\napplication.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_ele
ments":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164","reference_id":"","reference_type":"","scores":[{"value":"0.07389","scoring_system":"epss","scoring_elements":"0.91842","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ra
ils/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"},{"reference_url":"https://hackerone.com/reports/292797","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/292797"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.ht
ml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164"},{"reference_url":"https://www.debian.org/security/2020/dsa-4766","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634","reference_id":"1842634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634"},{"reference_url":"https://github.com/advisories/GHSA-8727-m6gj-mc37","reference_id":"GHSA-8727-m6gj-mc37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8727-m6gj-mc37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[
],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75127?format=json","purl":"pkg:gem/actionpack@5.2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fyg-vxpj-c7d7"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-z16b-zfgu-13a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/75131?format=json","purl":"pkg:gem/actionpack@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ru-4qks-7yf3"},{"vulnerability":"VCID-4fyg-vxpj-c7d7"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-fdqs-v9b2-53gu"},{"vulnerability":"VCID-fgtd-zx7r-rygb"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mgjg-juur-rfe5"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-uppk-66vw-gbb9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-z16b-zfgu-13a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1"}],"aliases":["CVE-2020-81
64","GHSA-8727-m6gj-mc37"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6z21-pd9d-pfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26756?format=json","vulnerability_id":"VCID-8nkw-8mka-1ygk","summary":"actionpack Improper Input Validation vulnerability\nThe `to_s` method in `actionpack/lib/action_dispatch/middleware/remote_ip.rb` in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.","references":[{"reference_url":"http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html","reference_id":"","reference_type":"","scores":[],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3187","reference_id":"","reference_type":"","scores":[{"value":"0.08484","scoring_system":"epss","scoring_elements":"0.92485","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3187"},{"reference_url":"https://bugzilla.novell.com/show_bug.cgi?id=673010","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.novell.com/show_bug.cgi?id=673010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-318
7.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3187","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3187"},{"reference_url":"https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"},{"reference_url":"http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.op
enwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb","reference_id":"CVE-2011-3187;OSVDB-73733","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb"},{"reference_url":"https://www.securityfocus.com/bid/46423/info","reference_id":"CVE-2011-3187;OSVDB-73733","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/46423/info"},{"reference_url":"https://github.com/advisories/GHSA-3vfw-7rcp-3xgm","reference_id":"GHSA-3vfw-7rcp-3xgm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vfw-7rcp-3xgm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60433?format=json","purl":"pkg:gem/actionpack@2.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/379426?format=json","purl":"pkg:gem/actionpack@2.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-
3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14"}],"aliases":["CVE-2011-3187","GHSA-3vfw-7rcp-3xgm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2
.vulnerablecode.io/vulnerabilities/VCID-8nkw-8mka-1ygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36017?format=json","vulnerability_id":"VCID-98gu-r7wd-cuah","summary":"ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792.\n\nVersions Affected: >= 3.0.0 Not affected: < 3.0.0 Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1\nImpact\n\nSpecially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.\nReleases\n\nThe FIXED releases are available at the normal locations.\nWorkarounds\n\nWe recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious X_FORWARDED_HOST headers before they reach the application.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    6-1-Use-string-split-instead-of-regex-for-domain-parts.patch - Patch for 6.1 series\n    7-0-Use-string-split-instead-of-regex-for-domain-parts.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. 
Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nhttps://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"0.02326","scoring_system":"epss","scoring_elements":"0.85075","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27
777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"ge
neric_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"h
ttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800","reference_id":"2164800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800"},{"reference_url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj","reference_id":"GHSA-p84v-45xj-wwqj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007/","reference_id":"ntap-20240202-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383446?format=json","purl":"pkg:gem/actionpack@5.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/68357?format=json","purl":"pkg:gem/actionpack@5.2.8.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packag
es/pkg:gem/actionpack@5.2.8.15"},{"url":"http://public2.vulnerablecode.io/api/packages/68359?format=json","purl":"pkg:gem/actionpack@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68361?format=json","purl":"pkg:gem/actionpack@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-ndth-atqq-53gq"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1"}],"aliases":["CVE-2023-22792","GHSA-p84v-45xj-wwqj","GMS-2023-58"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98gu-r7wd-cuah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26727?format=json","vulnerability_id":"VCID-9gqn-8g4t-wfby","summary":"actionpack Cross-site Scripting vulnerability\nThe `sanitize_css` method in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle `\\n` (newline) characters, which makes it easier for remote attackers to 
conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0698","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"htt
ps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1855"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67744","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_syste
m":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and
-2-3-18-have-been-released/"},{"reference_url":"https://github.com/advisories/GHSA-q759-hwvc-m3jg","reference_id":"GHSA-q759-hwvc-m3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q759-hwvc-m3jg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60414?format=json","purl":"pkg:gem/actionpack@2.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-
v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/60415?format=json","purl":"pkg:gem/actionpack@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability"
:"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60416?format=json","purl":"pkg:gem/actionpack@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnera
bility":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13"}],"aliases":["CVE-2013-1855","GHSA-q759-hwvc-m3jg","OSV-91452"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqn-8g4t-wfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27189?format=json","vulnerability_id":"VCID-a6wp-n5yh-ybcv","summary":"Improper Input Validation in actionpack\nRuby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"},{"reference_url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup"},{"reference_url":"http://pseudo-flaw.net/content/web-browsers/form-data-en
coding-roundup/","reference_id":"","reference_type":"","scores":[],"url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2008-7248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2008-7248"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7248","reference_id":"","reference_type":"","scores":[{"value":"0.11409","scoring_system":"epss","scoring_elements":"0.93687","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7248"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=544329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=544329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36600"},{"reference_url":"http://secunia.com/advisories/38915","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38915"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a","
reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-7248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-7248"},{"reference_url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup"},{"reference_url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/","reference_id":"","reference_type":"","scores":[],"url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"},{"reference_url":"https
://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2009/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2009/11/28/1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2009/12/02/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2009/12/02/2"},{"reference_url":"https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"},{"reference_url":"http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/28/1","reference_id":"","reference_type":"","s
cores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/28/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/12/02/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/12/02/2"},{"reference_url":"http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685","reference_id":"558685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt","reference_id":"CVE-2008-7248;OSVDB-61124","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt"},{"reference_url":"https://www.securityfocus.com/bid/37322/info","reference_id":"CVE-2008-7248;OSVDB-61124","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37322/info"},{"reference_url":"https://github.com/advisories/GHSA-8fqx-7pv4-3jwm","reference_id":"GHSA-8fqx-7pv4-3jwm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fqx-7pv4-3jwm"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[
{"url":"http://public2.vulnerablecode.io/api/packages/60629?format=json","purl":"pkg:gem/actionpack@2.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/60631?format=json","purl":"pkg:gem/actionpack@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5
khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.2"}],"aliases":["CVE-2008-7248","GHSA-8fqx-7pv4-3jwm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6wp-n5yh-ybcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26859?format=json","vulnerability_id":"VCID-baur-f442-wqgw","summary":"actionpack CRLF injection vulnerability\nCRLF injection vulnerability in `actionpack/lib/action_controller/response.rb` in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3186","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.7458","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi
?id=732156","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=732156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"},{"reference_url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_s
ystem":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3186","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3186"},{"reference_url":"https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011
/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://github.com/advisories/GHSA-fcqf-h4h4-695m","reference_id":"GHSA-fcqf-h4h4-695m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcqf-h4h4-695m"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60433?format=json","purl":"pkg:gem/actionpack@2.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/379426?format=json","purl":"pkg:gem/actionpack@2.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability
":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/320398?format=json","purl":"pkg:gem/actionpack@3.0.0.beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"v
ulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.0.beta"}],"aliases":["CVE-2011-3186","GHSA-fcqf-h4h4-695m","OSV-74616"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-baur-f442-wqgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26736?format=json","vulnerability_id":"VCID-bfbp-7umh-2fcp","summary":"actionpack and activesupport vulnerable to information leaks\nA certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, 
which might allow remote attackers to forge a digest via multiple attempts.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3086","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68454","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36600"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0"},{"reference_url":"https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978"},{"reference_url":"https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686","reference_id":"","
reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3086","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3086"},{"reference_url":"https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600"},{"reference_url":"https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""
}],"url":"https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427"},{"reference_url":"http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2011/dsa-2260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2260"},{"reference_url":"http://www.securityfocus.com/bid/37427","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/37427"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"545063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"https://github.com/advisories/GHSA-fg9w-g6m4-557j","reference_id":"GHSA-fg9w-g6m4-557j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fg9w-g6m4-557j"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60424?format=json","purl":"pkg:gem/actionpack@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vu
lnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/60425?format=json","purl":"pkg:gem/actionpack@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"}
,{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.4"}],"aliases":["CVE-2009-3086","GHSA-fg9w-g6m4-557j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfbp-7u
mh-2fcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26991?format=json","vulnerability_id":"VCID-cs1f-uhb2-xkcm","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6416","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46624","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6416"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/404","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/404"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml"},{"re
ference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6416","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6416"},{"reference_url":"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036914","reference_id":"1036914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036914"},{"reference_url":"https://github.com/advisories/GHSA
-w37c-q653-qg95","reference_id":"GHSA-w37c-q653-qg95","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w37c-q653-qg95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379219?format=json","purl":"pkg:gem/actionpack@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"v
ulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/320327?format=json","purl":"pkg:gem/actionpack@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd
"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/320357?format=json","purl":"pkg:gem/actionpack@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97
j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9
h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6416","GHSA-w37c-q653-qg95","OSV-100526"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs1f-uhb2-xkcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7891?format=json","vulnerability_id":"VCID-dd87-gevs-juhe","summary":"Possible ReDoS vulnerability in query parameter filtering in Action Dispatch\nThere is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.\n\nImpact\n------\n\nCarefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. 
Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers on Ruby 3.2 are unaffected by this issue.\n\n\nCredits\n-------\n\nThanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2024-41128","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://access.redhat.com/security/cve/cve-2024-41128"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128","reference_id":"","reference_type":"","scores":[{"value":"0.00774","scoring_system":"epss","scoring_elements":"0.73902","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_s
ystem":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring
_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075"},{"reference_url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef"},{"reference_url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891"},{"reference_url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd","reference_id":"","reference_type":"","
scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],
"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20014?format=json","purl":"pkg:gem/actionpack@6.1.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/383480?format=json","purl":"pkg:gem/actionpack@7.0.0.alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5k
hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/20015?format=json","purl":"pkg:gem/actionpack@7.0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/383673?format=json","purl":"pkg:gem/actionpack@7.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/20016?format=json","purl":"pkg:gem/actionpack@7.1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/38974?format=json","purl":"pkg:gem/actionpack@7.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/20017?format=json","purl":"pkg:gem/actionpack@7.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1"},
{"url":"http://public2.vulnerablecode.io/api/packages/383949?format=json","purl":"pkg:gem/actionpack@8.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1"}],"aliases":["CVE-2024-41128","GHSA-x76w-6vjr-8xgj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dd87-gevs-juhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7792?format=json","vulnerability_id":"VCID-eeru-6pyc-8bcd","summary":"Possible ReDoS vulnerability in HTTP Token authentication in Action Controller\nThere is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.\n\nImpact\n------\n\nFor applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. 
Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers on Ruby 3.2 are unaffected by this issue.\n\n\nCredits\n-------\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47887","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56344","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_s
ystem":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319034","reference_id":"2319034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319034"},{"reference_url":"https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049","reference_id":"56b2fc3302836405b496e196a8d5fc0195e55049","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049"},{"reference_url":"https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a","reference_id":"7c1398854d51f9bb193fb79f226647351133d08a","refer
ence_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a"},{"reference_url":"https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545","reference_id":"8e057db25bff1dc7a98e9ae72e0083825b9ac545","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47887","reference_id":"CVE-2024-47887","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47887"},{"reference_url":"https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2","reference_id":"f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2"},{"reference_url":"https://github.com/advisories/GHSA-vfg9-r3fq-jvx4","reference_id":"GHSA-vfg9-r3fq-jvx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfg9-r3fq-jvx4"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://u
sn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20014?format=json","purl":"pkg:gem/actionpack@6.1.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/383480?format=json","purl":"pkg:gem/actionpack@7.0.0.alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/20015?format=json","purl":"pkg:gem/actionpack@7.0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/383673?format=json","purl":"pkg:gem/actionpack@7.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/20016?format=json","purl":"pkg:gem/actionpack@7.1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/p
kg:gem/actionpack@7.1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/38974?format=json","purl":"pkg:gem/actionpack@7.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/20017?format=json","purl":"pkg:gem/actionpack@7.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/383949?format=json","purl":"pkg:gem/actionpack@8.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1"}],"aliases":["CVE-2024-47887","GHSA-vfg9-r3fq-jvx4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eeru-6pyc-8bcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26536?format=json","vulnerability_id":"VCID-ejgq-s79w-abd6","summary":"rails Cross-site Scripting vulnerability\nThe cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub 
method.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html"},{"reference_url":"http://openwall.com/lists/oss-security/2011/06/09/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/06/09/2"},{"reference_url":"http://openwall.com/lists/oss-security/2011/06/13/9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/06/13/9"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2197","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63551","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2197"},{"reference_url":"http://secunia.com/advisories/44789","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44789"},{"reference_url":"https://gist
.github.com/NZKoz/b2ceb626fc2bcdfe497f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd"},{"reference_url":"https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2197","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2197"},{"reference_url":"http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applic
ations"},{"reference_url":"https://github.com/advisories/GHSA-v9v4-7jp6-8c73","reference_id":"GHSA-v9v4-7jp6-8c73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9v4-7jp6-8c73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60521?format=json","purl":"pkg:gem/actionpack@2.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID
-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/60270?format=json","purl":"pkg:gem/actionpack@2.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability
":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages/379441?format=json","purl":"pkg:gem/actionpack@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulner
ability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/60271?format=json","purl":"pkg:gem/actionpack@3.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"v
ulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.8"}],"aliases":["CVE-2011-2197","GHSA-v9v4-7jp6-8c73"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejgq-s79w-abd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26961?format=json","vulnerability_id":"VCID-g13k-qvy7-q3fk","summary":"Rails actionpack gem vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in the `mail_to` helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email 
value.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446","reference_id":"","reference_type":"","scores":[{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.71678","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446"},{"reference_url":"http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secu
nia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217"},{"reference_url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-
2011-0446","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[],"url":"http://www.securi
tytracker.com/id?1025064"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j","reference_id":"GHSA-75w6-p6mg-vh8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60521?format=json","purl":"pkg:gem/actionpack@2.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs
-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/60488?format=json","purl":"pkg:gem/actionpack@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfb
p-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-fr3w-ejk8-47gw"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.4"}],"aliases":["CVE-2011-0446","GHSA-75w6-p6mg-vh8j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g13k-qvy7-q3fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27198?format=json","vulnerability_id":"VCID-g2a6-uem4-uuce","summary":"actionpack Cross-Site Request Forgery vulnerability\nRuby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage 
\"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0447","reference_id":"","reference_type":"","scores":[{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.77177","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447"},{"reference_url":"http://secunia.com/advisories/43274","reference_id":"","reference_type":"","s
cores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034"},{"reference_url":"https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0447"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/201
70223045008/http://www.securitytracker.com/id?1025060","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025060","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025060"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://github.com/advisories/GHSA-24fg-p96v-hxh8","reference_id":"GHSA-24fg-p96v-hxh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-24fg-p96v-hxh8"},{"reference_url":"https:
//security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60521?format=json","purl":"pkg:gem/actionpack@2.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv
-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/60488?format=json","purl":"pkg:gem/actionpack@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-fr3w-ejk8-47gw"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCI
D-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.4"}],"aliases":["CVE-2011-0447","GHSA-24fg-p96v-hxh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2a6-uem4-uuce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26735?format=json","vulnerability_id":"VCID-jpj6-wzp3-m3e4","summary":"actionpack Improper Input Validation vulnerability\n`actionpack/lib/action_view/template/text.rb` in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the `:text` option to the `render` method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in 
headers.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/10"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0082","reference_id":"","reference_type":"","scores":[{"value":"0.06456","scoring_system":"epss","scoring_elements":"0.91211","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"refe
rence_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0082","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0082"},{"reference_url":"https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"},{"reference_url":"https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082"},{"reference_url":"h
ttp://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065538","reference_id":"1065538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065538"},{"reference_url":"https://github.com/advisories/GHSA-7cgp-c3g7-qvrw","reference_id":"GHSA-7cgp-c3g7-qvrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cgp-c3g7-qvrw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0215","reference_id":"RHSA-2014:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0306","reference_id":"RHSA-2014:0306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60423?format=json","purl":"pkg:gem/actionpack@3.2.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerab
ility":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17"},{"url":"http://public2.vulnerablecode.io/api/packages/367302?format=json","purl":"pkg:gem/actionpack@4.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2
"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/320290?format=json","purl":"pkg:gem/actionpack@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5az9-zqff-5kav"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-8p57-4fhz-v3gh"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-hv
ua-jhzn-97fr"},{"vulnerability":"VCID-k651-yq6k-cyc9"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-p2yz-5pzq-nyag"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rnnm-ck7u-fydy"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0"}],"aliases":["CVE-2014-0082","GHSA-7cgp-c3g7-qvrw","OSV-103440"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpj6-wzp3-m3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36078?format=json","vulnerability_id":"VCID-k6aw-heeb-wke2","summary":"ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795.\n\nVersions Affected: All Not affected: None Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1\n\nImpact\n\nA specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. 
This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.\nReleases\n\nThe FIXED releases are available at the normal locations.\nWorkarounds\n\nWe recommend that all users upgrade to one of the FIXED versions. In the meantime, users can mitigate this vulnerability by using a load balancer or other device to filter out malicious If-None-Match headers before they reach the application.\n\nUsers on Ruby 3.2.0 or greater are not affected by this vulnerability.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    6-1-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 6.1 series\n    7-0-Avoid-regex-backtracking-on-If-None-Match-header.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. 
Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"0.01339","scoring_system":"epss","scoring_elements":"0.80309","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cve
name.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/
rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"},{"reference_url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"},{"reference_url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}]
,"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799","reference_id":"2164799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799"},{"reference_url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv","reference_id":"GHSA-8xww-x3g3-6jcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383446?format=json","purl":"pkg:gem/actionpack@5.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/68359?format=json","purl":"pkg:gem/actionpack@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68361?format=json","purl":"pkg:gem/actionpack@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-ndth-atqq-53gq"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1"}],"aliases":["CVE-2023-22795","GHSA-8xww-x3g3-6jcv","GMS-2023-56"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6aw-heeb-wke2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42605?format=json","vulnerability_id":"VCID-kshz-ckjc-77ab","summary":"tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag 
helpers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777","reference_id":"","reference_type":"","scores":[{"value":"0.01409","scoring_system":"epss","scoring_elements":"0.80797","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url"
:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777"},{"reference_url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982","reference_id":"1016982","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296","reference_id":"2080296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296"},{"reference_url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv","reference_id":"GHSA-ch3h-j2vf-95pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85019?format=json","purl":"pkg:gem/actionpack@5.2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp
-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/85020?format=json","purl":"pkg:gem/actionpack@6.0.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/85021?format=json","purl":"pkg:gem/actionpack@6.1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/85022?format=json","purl":"pkg:gem/actionpack@7.0.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-ndth-atqq-53gq"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-z277-4dtj-zfbz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4
"}],"aliases":["CVE-2022-27777","GHSA-ch3h-j2vf-95pv","GMS-2022-1138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kshz-ckjc-77ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38171?format=json","vulnerability_id":"VCID-m9ud-s6w6-x7ac","summary":"actionpack: Possible XSS via User Supplied Values to redirect_to","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28362","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45261","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":""},{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-
supplied-values-to-redirect-to/83132"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441"},{"reference_url":"https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"},{"ref
erence_url":"https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28362","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28362"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250502-0009","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250502-0009"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058","reference_id":"1051058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217785","reference_id":"2217785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217785"},{"refer
ence_url":"https://github.com/advisories/GHSA-4g8v-vg43-wpgf","reference_id":"GHSA-4g8v-vg43-wpgf","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/"}],"url":"https://github.com/advisories/GHSA-4g8v-vg43-wpgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7851","reference_id":"RHSA-2023:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71978?format=json","purl":"pkg:gem/actionpack@6.1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/71979?format=json","purl":"pkg:gem/actionpack@7.0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ndth-atqq-53gq"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1"}],"aliases":["CVE-2023-28362","GHSA-4g8v-vg43-wpgf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9ud-s6w6-x7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26600?format=json","vulnerability_id":"VCID-mnh7-4rvx-suay","summary":"Action Pack contains 
database-query restrictions bypass\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2
012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.3656","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b"},{"reference_url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml"},{"reference_url":"https://gith
ub.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml"},{"reference_url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353","reference_id":"827353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827353"},{"reference_url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf","refe
rence_id":"GHSA-hgpp-pp89-4fgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60340?format=json","purl":"pkg:gem/actionpack@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnera
bility":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/60337?format=json","purl":"pkg:gem/actionpack@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"
vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/60338?format=json","purl":"pkg:gem/actionpack@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkf
d"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/60339?format=json","purl":"pkg:gem/actionpack@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rv
x-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4"}],"aliases":["CVE-2012-2660","GHSA-hgpp-pp89-4fgf","OSV-82610"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mnh7-4rvx-suay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45383?format=json","vulnerability_id":"VCID-n7ga-1sx4-yfcv","summary":"rubygem-actionpack: Possible Open Redirect Vulnerability in Action 
Pack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22903","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2653","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22903"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0"},{"reference_url":"https://hackerone.com/reports/1148025","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1148025"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22903","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957438","reference_id":"1957438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957438"},{"reference_url":"https://security.archlinux.org/AVG-1919","reference_id":"AVG-1919","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1919"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79596?format=json","purl":"pkg:gem/actionpack@6.1.3.2","is_vulnerable":tru
e,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-fdqs-v9b2-53gu"},{"vulnerability":"VCID-fgtd-zx7r-rygb"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2"}],"aliases":["CVE-2021-22903","GHSA-5hq2-xf89-9jxq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7ga-1sx4-yfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27042?format=json","vulnerability_id":"VCID-n7kh-9mpq-13c7","summary":"Cross site scripting that affects rails\nCross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form 
helper.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3009","reference_id":"","reference_type":"","scores":[{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.8221","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009"},{"reference_url":"http://secunia.com/advisories/36600","re
ference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36600"},{"reference_url":"http://secunia.com/advisories/36717","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36717"},{"reference_url":"http://securitytracker.com/id?1022824","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1022824"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036"},{"reference_url":"https://github.com/advisories/GHSA-8qrh-h9m2-5fvf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qrh-h9m2-5fvf"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3009","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3009"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],
"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2009/dsa-1887","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1887"},{"reference_url":"http://www.osvdb.org/57666","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.osvdb.org/57666"},{"reference_url":"http://www.securityfocus.com/bid/36278","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/36278"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=520843","reference_id":"520843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=520843"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"545063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60424?format=json","purl":"pkg:gem/actionpack@2.2.3","is_vulnerable":true,"a
ffected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/
packages/60425?format=json","purl":"pkg:gem/actionpack@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode
.io/packages/pkg:gem/actionpack@2.3.4"}],"aliases":["CVE-2009-3009","GHSA-8qrh-h9m2-5fvf","OSV-57666"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7kh-9mpq-13c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26994?format=json","vulnerability_id":"VCID-nax4-x97j-9fgr","summary":"actionpack Improper Input Validation vulnerability\n`actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE",
"scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98724","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi
?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/400","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/400"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"htt
ps://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836"},{"reference_url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"},{"reference_url":"https://bugzilla.redhat.com/show_b
ug.cgi?id=1036483","reference_id":"1036483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036483"},{"reference_url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q","reference_id":"GHSA-mpxf-gcw2-pw5q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379219?format=json","purl":"pkg:gem/actionpack@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-baur-f442-wqgw"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"
},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/60329?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx
-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u
5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6414","GHSA-mpxf-gcw2-pw5q","OSV-100525"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nax4-x97j-9fgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7604?format=json","vulnerability_id":"VCID-nmz3-ux68-dkfd","summary":"Rails: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33167","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06147","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github
.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0"},{"reference_url":"https://github.com/rails/rails/releases/tag/v8.1.2.1","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/releases/tag/v8.1.2.1"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"ht
tps://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33167","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450552","reference_id":"2450552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450552"},{"reference_url":"https://github.com/advisories/GHSA-pgm4-439c-5jp6","reference_id":"GHSA-pgm4-439c-5jp6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgm4-439c-5jp6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56313?format=json","purl":"pkg:gem/actionpack@8.1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1"}],"aliases":["CVE-2026-33167","GHSA-pgm4-439c-5jp6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmz3-ux68-dkfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26598?format=json","vulnerability_id":"VCID-nnka-c23v-qub7","summary":"actionpack vulnerable to Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `number_to_currency` helper in `actionpack/lib/action_view/helpers/number_helper.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit 
parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference
_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.8147","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/402","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/402"},{"reference_url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6415"},{"reference_url":"https://web.archive.
org/web/20131206180005/http://www.securityfocus.com/bid/64077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036910","reference_id":"1036910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1036910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1794","reference_id":"RHSA-2013:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0008","reference_id":"RHSA-2014:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60329?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulne
rability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{
"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6415","GHSA-6h5q-96hp-9jgm","OSV-100524"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnka-c23v-qub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26741?format=json","vulnerability_id":"VCID-p1yd-keq8-rkh3","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the `strip_tags` helper in `actionpack/lib/action_controller/vendor/html-scanner/html/node.rb` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid 
name.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2931","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.7456","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731436","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931","reference_id":"","
reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931"},{"reference_url":"http://secunia.com/advisories/45921","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45921"},{"reference_url":"https://github.com/advisories/GHSA-v5jg-558j-q67c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5jg-558j-q67c"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2931","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2931"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.de
bian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}]
,"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60433?format=json","purl":"pkg:gem/actionpack@2.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/379426?format=json","purl":"pkg:gem/actionpack@2.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerabi
lity":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/60434?format=json","purl":"pkg:gem/actionpack@3.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vu
lnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10"}],"aliases":["CVE-2011-2931","GHSA-v5jg-558j-q67c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1yd-keq8-rkh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9447?format=json","vulnerability_id":"VCID-qth9-abgp-wyaq","summary":"Possible Content Security Policy bypass in Action Dispatch\nThere is a possible Cross Site Scripting (XSS) vulnerability  in the `content_security_policy` helper in Action Pack.\n\nImpact\n------\nApplications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. 
This could lead to a bypass of the CSP and its protection against XSS and other attacks.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nApplications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.\n\nCredits\n-------\nThanks to [ryotak](https://hackerone.com/ryotak) for the report!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54133","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40653","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N
/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49"},{"reference_url":"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a"},{"reference_url":"https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542"},{"reference_url":"https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements"
:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54133","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54133"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250306-0010","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250306-0010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755","reference_id":"1089755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331619","reference_id":"2331619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331619"},{"reference_url":"https://github.com/advisories
/GHSA-vfm5-rmrh-j26v","reference_id":"GHSA-vfm5-rmrh-j26v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vfm5-rmrh-j26v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23690?format=json","purl":"pkg:gem/actionpack@7.0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/383673?format=json","purl":"pkg:gem/actionpack@7.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/23702?format=json","purl":"pkg:gem/actionpack@7.1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/38974?format=json","purl":"pkg:gem/actionpack@7.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/23713?format=json","purl":"pkg:gem/actionpack@7.2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1"},{"url":"http://public2.vulnerablecode.io/api/pack
ages/383949?format=json","purl":"pkg:gem/actionpack@8.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/23724?format=json","purl":"pkg:gem/actionpack@8.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmz3-ux68-dkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1"}],"aliases":["CVE-2024-54133","GHSA-vfm5-rmrh-j26v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qth9-abgp-wyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26749?format=json","vulnerability_id":"VCID-r6mr-ay8d-nqdd","summary":"actionpack is vulnerable to denial of service via a crafted HTTP Accept header\nactionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept 
header.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],
"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751","reference_id":"","reference_type":"","scores":[{"value":"0.08895","scoring_system":"epss","scoring_elements":"0.92689","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/c
vename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17"},{"reference_url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddeb
bd4bdef7d3cb47d6"},{"reference_url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S
:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751"},{"reference_url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301946","reference_id":"1301946","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301946"},{"reference_url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v","reference_id"
:"GHSA-ffpv-c4hm-3x6v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60449?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe
-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60450?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60448?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerabi
lity":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/367745?format=json","purl":"pkg:gem/actionpack@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dk
fd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1"}],"aliases":["CVE-2016-0751","GHSA-ffpv-c4hm-3x6v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6mr-ay8d-nqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26876?format=json","vulnerability_id":"VCID-rgw4-mrr9-euda","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56331","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465"},{"reference_url":"ht
tps://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77"},{"reference_url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200","reference_id":"847200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=847200"},{"reference_url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5","reference_id":
"GHSA-7g65-ghrg-hpf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60340?format=json","purl":"pkg:gem/actionpack@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"V
CID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/60490?format=json","purl":"pkg:gem/actionpack@3.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerabil
ity":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/379452?format=json","purl":"pkg:gem/actionpack@3.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"}
,{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60491?format=json","purl":"pkg:gem/actionpack@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-
keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/379461?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"
VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/60492?format=json","purl":"pkg:gem/actionpack@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnera
bility":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8"}],"aliases":["CVE-2012-3465","GHSA-7g65-ghrg-hpf5","OSV-84513"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgw4-mrr9-euda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27073?format=json","vulnerability_id":"VCID-sg9h-7dqr-xugu","summary":"actionpack vulnerable to Path Traversal\nDirectory traversal vulnerability in `actionpack/lib/action_dispatch/middleware/static.rb` in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when `serve_static_assets` is enabled, allows remote attackers to determine the existence of files outside the application root via a `/..%2F` 
sequence.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7818","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44666","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818"},{"reference_url":"https://github.com/advisories/GHSA-29gr-w57f-rpfw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29gr-w57f-rpfw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-se
curity/dCp7duBiQgo/v_R_8PFs5IwJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7818","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7818"},{"reference_url":"https://puppet.com/security/cve/cve-2014-7829","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2014-7829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1161499","reference_id":"1161499","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1161499"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934","reference_id":"770934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60559?format=json","purl":"pkg:gem/actionpack@3.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"v
ulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/60560?format=json","purl":"pkg:gem/actionpack@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wya
q"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/380905?format=json","purl":"pkg:gem/actionpack@4.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packag
es/60561?format=json","purl":"pkg:gem/actionpack@4.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/320317?format=json","purl":"pkg:gem/actionpack@4.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},
{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60562?format=json","purl":"pkg:gem/actionpack@4.2.0.beta3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-
n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3"}],"aliases":["CVE-2014-7818","GHSA-29gr-w57f-rpfw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sg9h-7dqr-xugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10072?format=json","vulnerability_id":"VCID-v2hk-dfbe-5khc","summary":"Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n\nThere is a possible ReDoS vulnerability in the Accept header parsing routines\nof Action Dispatch. This vulnerability has been assigned the CVE identifier\nCVE-2024-26142.\n\nVersions Affected:  >= 7.1.0, < 7.1.3.1\nNot affected:       < 7.1.0\nFixed Versions:     7.1.3.1\n\nImpact\n------\nCarefully crafted Accept headers can cause Accept header parsing in Action\nDispatch to take an unexpected amount of time, possibly resulting in a DoS\nvulnerability.  All users running an affected release should either upgrade or\nuse one of the workarounds immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby\n3.2 or newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. 
They are in git-am format and consist of a\nsingle changeset.\n\n* 7-1-accept-redox.patch - Patch for 7.1 series\n\nCredits\n-------\nThanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26142","reference_id":"","reference_type":"","scores":[{"value":"0.03542","scoring_system":"epss","scoring_elements":"0.87875","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26142"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"}
,{"reference_url":"https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26142","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=
2266324","reference_id":"2266324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266324"},{"reference_url":"https://github.com/advisories/GHSA-jjhx-jhvp-74wq","reference_id":"GHSA-jjhx-jhvp-74wq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjhx-jhvp-74wq"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240503-0003/","reference_id":"ntap-20240503-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240503-0003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25784?format=json","purl":"pkg:gem/actionpack@7.1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1"}],"aliases":["CVE-2024-26142","GHSA-jjhx-jhvp-74wq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2hk-dfbe-5khc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27000?format=json","vulnerability_id":"VCID-v3u5-6bpb-qfgf","summary":"Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ 
(backslash) character, a similar issue to CVE-2014-7818.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7829","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50107","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829"},{"reference_url":"https://github.com/advisories/GHSA-h56m-vwxc-3qpw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h56m-vwxc-3qpw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups
.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7829","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7829"},{"reference_url":"https://puppet.com/security/cve/cve-2014-7829","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2014-7829"},{"reference_url":"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183"},{"reference_url":"http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1164659","reference_id":"1164659","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1164659"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934","reference_id":"770934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60545?format=json","purl":"pkg:gem/actionpack@3.2.21","is_vulnerable":true,"affected_by_
vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21"},{"url":"http://public2.vulnerablecode.io/api/packages/367538?format=json","purl":"pkg:gem/actionpack@4.0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerabil
ity":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60546?format=json","purl":"pkg:gem/actionpack@4.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"v
ulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/380905?format=json","purl":"pkg:gem/actionpack@4.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/act
ionpack@4.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/367539?format=json","purl":"pkg:gem/actionpack@4.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60544?format=json","purl":"pkg:gem/actionpack@4.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnera
bility":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/320317?format=json","purl":"pkg:gem/actionpack@4.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay
"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60547?format=json","purl":"pkg:gem/actionpack@4.2.0.beta4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"htt
p://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4"}],"aliases":["CVE-2014-7829","GHSA-h56m-vwxc-3qpw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3u5-6bpb-qfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26731?format=json","vulnerability_id":"VCID-vhjv-9864-tbcs","summary":"actionpack Cross-site Scripting vulnerability\nThe sanitize helper in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded `:` (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a `&#x3a;` sequence.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-069
8.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7051","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":
"https://nvd.nist.gov/vuln/detail/CVE-2013-1857"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921335","reference_id":"921335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921335"},{"reference_url":"https://github.com/advisories/GHSA-j838-vfpq-fmf2","reference_id":"GHSA-j838-vfpq-fmf2","reference_type":"","scores":[{"
value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j838-vfpq-fmf2"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60414?format=json","purl":"pkg:gem/actionpack@2.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe
3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/60415?format=json","purl":"pkg:gem/actionpack@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-z
apd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60416?format=json","purl":"pkg:gem/actionpack@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":
"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13"}],"aliases":["CVE-2013-1857","GHSA-j838-vfpq-fmf2","OSV-91454"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhjv-9864-tbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27197?format=json","vulnerability_id":"VCID-vs1a-m7ya-rue8","summary":"Rails vulnerable to Cross-site Scripting\nThere is an XSS vulnerability in the `number_to_currency`, `number_to_percentage` and `number_to_human` helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081.\n\nVersions Affected:  All.\nFixed Versions:     4.1.0.beta2, 4.0.3, 3.2.17.\n\nImpact\n------\nThese helpers allows users to nicely format a numeric value. Some of the parameters to the helper (format, negative_format and units) are not escaped correctly. Applications which pass user controlled data as one of these parameters are vulnerable to an XSS attack.\n\nAll users passing user controlled data to these parameters of the number helpers should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe 4.1.0.rc1, 4.0.3 and 3.2.17 releases are available at the normal locations.\n\nWorkarounds\n-----------\n\nThe workaround for this issue is to escape the value passed to the parameter.\nFor example, replace code like this:\n\n```ruby\n<%= number_to_currency(1.02, format: params[:format]) %>\n```\n\nWith code like this\n\n```ruby\n<%= number_to_currency(1.02, format: h(params[:format])) %>\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. 
They are in git-am format and consist of a single changeset.\n\n* 4-1-beta-number_helpers_xss.patch - Patch for 4.1-beta series\n* 4-0-number_helpers_xss.patch - Patch for 4.0 series\n* 3-2-number_helpers_xss.patch - Patch for 3.2 series\n\nPlease note that only the 4.0.x and 3.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\n\nThanks to Kevin Reintjes for reporting the issue to us.\n\n-- \nAaron Patterson\nhttp://tenderlovemaking.com/","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/8"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081","reference_id":
"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75766","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml"},{"r
eference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081"},{"reference_url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782"},{"reference_url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647"},{"reference_url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065520","reference_id":"1065520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065520"},{"reference_url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83","reference_id":"GHSA-m46p-ggm5-5j83","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83"
},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0215","reference_id":"RHSA-2014:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0306","reference_id":"RHSA-2014:0306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60423?format=json","purl":"pkg:gem/actionpack@3.2.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablec
ode.io/packages/pkg:gem/actionpack@3.2.17"},{"url":"http://public2.vulnerablecode.io/api/packages/60664?format=json","purl":"pkg:gem/actionpack@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380905?format=json","purl":"pkg:gem/actionpack@4.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5p
fg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/60615?format=json","purl":"pkg:gem/actionpack@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerabilit
y":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m156-zkzd-57g9"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1"}],"aliases":["CVE-2014-0081","GHSA-m46p-ggm5-5j83","OSV-103439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs1a-m7ya-rue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26840?format=json","vulnerability_id":"VCID-y13c-awe3-2bc1","summary":"actionpack is vulnerable to remote bypass authentication\nThe http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing 
differences.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value"
:"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576","reference_id":"","reference_type":"","scores":[{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78538","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3
226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url"
:"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":""},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/P
R:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576"},{"reference_url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/8","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301933","reference_id":"1301933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301933"},{"reference_url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg","referenc
e_id":"GHSA-p692-7mm3-3fxg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60449?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-
dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60450?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-832g-x9kb-3bbx"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60448?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulne
rability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-brwd-e9kx-xuc2"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v4sh-tkkf-xfeh"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/367745?format=json","purl":"pkg:gem/actionpack@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nmz3-ux6
8-dkfd"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1"}],"aliases":["CVE-2015-7576","GHSA-p692-7mm3-3fxg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y13c-awe3-2bc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45388?format=json","vulnerability_id":"VCID-z16b-zfgu-13a9","summary":"rails: Possible DoS Vulnerability in Action Controller Token Authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"0.03338","scoring_system":"epss","scoring_elements":"0.87506","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"},{"reference_url":"https://discuss.ru
byonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.4.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.4.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.0.3.7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_sys
tem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.0.3.7"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ"},{"reference_url":"https://hackerone.com/reports/1101125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1101125"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS
:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210805-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0009/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379","reference_id":"1961379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214","reference_id":"988214","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"},{"reference_url":"https://security.archlinux.org/AVG-1920","reference_id":"AVG-1920","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1920"},{"reference_url":"https://security.archlinux.org/AVG-1921","reference_id":"AVG-1921","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1921"},{"reference_url":"https://security.archlinux.org/AVG-2090","reference_id":"AVG-2090","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2090"},{"reference_url":"https://security.archlinux.org/AVG-2223","reference_id":"AVG-2223","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scori
ng_elements":""}],"url":"https://security.archlinux.org/AVG-2223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79599?format=json","purl":"pkg:gem/actionpack@5.2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/79598?format=json","purl":"pkg:gem/actionpack@5.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/79594?format=json","purl":"pkg:gem/actionpack@6.0.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gev
s-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-fdqs-v9b2-53gu"},{"vulnerability":"VCID-fgtd-zx7r-rygb"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/79596?format=json","purl":"pkg:gem/actionpack@6.1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-b7z5-h1bw-tya9"},{"vulnerability":"VCID-be5x-uyc6-sudm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-fdqs-v9b2-53gu"},{"vulnerability":"VCID-fgtd-zx7r-rygb"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-re7g-rxbm-dbd9"},{"vulnerability":"VCID-v2hk-dfbe-5khc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2"}],"aliases":["CVE-2021-22904","GHSA-7wjx-3g7j-8584"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z16b-zfgu-13a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26868?format=json","vulnerability_id":"VCID-zapd-uts9-zfch","summary":"actionpack allows remote attackers to bypass intended access restrictions\n`actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote 
attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0449","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68408","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0449"},{"reference_url":"http://secunia.com/advisories/43278","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43278"},{"reference_url":"http://securitytracker.com/id?1025061","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025061"},{"reference_url":"https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b"},{"reference_url":"https://github.com/rails/rails/tree/main/actionpack","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/actionpack"},{"reference_url":"https://github.co
m/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0449","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0449"},{"reference_url":"https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://github.com/advisories/GHSA-4ww3-3rxj-8v6q","reference_id":"GHSA-4ww3-3rxj-8v6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4ww3-3rxj-8v6q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60488?format=json","purl":"pkg:gem/actionpack@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-123f-6px7-3qdg"},{"vulnerability":
"VCID-1b9z-efz6-9fdu"},{"vulnerability":"VCID-1xbd-73qv-mff9"},{"vulnerability":"VCID-3edd-m27s-a3ek"},{"vulnerability":"VCID-3rn4-abmh-nkhv"},{"vulnerability":"VCID-4bzb-ft3d-dkgg"},{"vulnerability":"VCID-4w1v-z4zj-6ydp"},{"vulnerability":"VCID-58sa-6uag-z7hp"},{"vulnerability":"VCID-5a2t-fre4-zkay"},{"vulnerability":"VCID-5pfg-7ntp-eff4"},{"vulnerability":"VCID-5psk-hzaf-1kbz"},{"vulnerability":"VCID-6z21-pd9d-pfgk"},{"vulnerability":"VCID-8nkw-8mka-1ygk"},{"vulnerability":"VCID-98gu-r7wd-cuah"},{"vulnerability":"VCID-9gqn-8g4t-wfby"},{"vulnerability":"VCID-a6wp-n5yh-ybcv"},{"vulnerability":"VCID-b4sv-b9pz-r7er"},{"vulnerability":"VCID-bfbp-7umh-2fcp"},{"vulnerability":"VCID-cs1f-uhb2-xkcm"},{"vulnerability":"VCID-dd87-gevs-juhe"},{"vulnerability":"VCID-eeru-6pyc-8bcd"},{"vulnerability":"VCID-ejgq-s79w-abd6"},{"vulnerability":"VCID-fr3w-ejk8-47gw"},{"vulnerability":"VCID-g13k-qvy7-q3fk"},{"vulnerability":"VCID-g2a6-uem4-uuce"},{"vulnerability":"VCID-hh65-ycrj-d7gz"},{"vulnerability":"VCID-jpj6-wzp3-m3e4"},{"vulnerability":"VCID-k6aw-heeb-wke2"},{"vulnerability":"VCID-kshz-ckjc-77ab"},{"vulnerability":"VCID-m9ud-s6w6-x7ac"},{"vulnerability":"VCID-mnh7-4rvx-suay"},{"vulnerability":"VCID-n7ga-1sx4-yfcv"},{"vulnerability":"VCID-n7kh-9mpq-13c7"},{"vulnerability":"VCID-nax4-x97j-9fgr"},{"vulnerability":"VCID-nmz3-ux68-dkfd"},{"vulnerability":"VCID-nnka-c23v-qub7"},{"vulnerability":"VCID-p1yd-keq8-rkh3"},{"vulnerability":"VCID-qth9-abgp-wyaq"},{"vulnerability":"VCID-r6mr-ay8d-nqdd"},{"vulnerability":"VCID-rgw4-mrr9-euda"},{"vulnerability":"VCID-sg9h-7dqr-xugu"},{"vulnerability":"VCID-v2hk-dfbe-5khc"},{"vulnerability":"VCID-v3u5-6bpb-qfgf"},{"vulnerability":"VCID-vhjv-9864-tbcs"},{"vulnerability":"VCID-vs1a-m7ya-rue8"},{"vulnerability":"VCID-y13c-awe3-2bc1"},{"vulnerability":"VCID-z16b-zfgu-13a9"},{"vulnerability":"VCID-zapd-uts9-zfch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.4"}],"aliases":["CVE-2011-0449","GHSA-4ww3-3rxj-8v6q"],
"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zapd-uts9-zfch"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.0.1"}