{"url":"http://public2.vulnerablecode.io/api/packages/382049?format=json","purl":"pkg:gem/activerecord@4.1.10","type":"gem","namespace":"","name":"activerecord","version":"4.1.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.1.5.2","latest_non_vulnerable_version":"8.0.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26791?format=json","vulnerability_id":"VCID-cbdn-yhbu-5uaj","summary":"ActiveRecord in Ruby on Rails allows database-query bypass\nActive Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6317","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59771","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6317","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6317"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365017","reference_id":"1365017","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365017"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154","reference_id":"834154","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154"},{"reference_url":"https://github.com/advisories/GHSA-pr3r-4wrp-r2pv","reference_id":"GHSA-pr3r-4wrp-r2pv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr3r-4wrp-r2pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1855","reference_id":"RHSA-2016:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60475?format=json","purl":"pkg:gem/activerecord@4.2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dbvw-1xvz-63b8"},{"vulnerability":"VCID-dp3h-z1zs-ufba"},{"vulnerability":"VCID-enf4-jrzh-nyac"},{"vulnerability":"VCID-er3j-4ygz-kqdx"},{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-wz1m-798r-8yez"},{"vulnerability":"VCID-xmwx-eqjn-pba9"},{"vulnerability":"VCID-xnj2-tbzn-tff6"},{"vulnerability":"VCID-y922-r53a-rke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.7.1"}],"aliases":["CVE-2016-6317","GHSA-pr3r-4wrp-r2pv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdn-yhbu-5uaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26777?format=json","vulnerability_id":"VCID-dbvw-1xvz-63b8","summary":"activerecord vulnerable to SQL Injection\nThe Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2695","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70807","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2695"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2695","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2695"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=831573","reference_id":"831573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=831573"},{"reference_url":"https://github.com/advisories/GHSA-76wq-xw4h-f8wj","reference_id":"GHSA-76wq-xw4h-f8wj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-76wq-xw4h-f8wj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0154","reference_id":"RHSA-2013:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0154"}],"fixed_packages":[],"aliases":["CVE-2012-2695","GHSA-76wq-xw4h-f8wj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbvw-1xvz-63b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41863?format=json","vulnerability_id":"VCID-dp3h-z1zs-ufba","summary":"activerecord: Possible RCE escalation bug with Serialized Columns in Active Record","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32224","reference_id":"","reference_type":"","scores":[{"value":"0.01897","scoring_system":"epss","scoring_elements":"0.83531","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/"}],"url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"},{"reference_url":"https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a"},{"reference_url":"https://github.com/rails/rails/commits/main/activerecord","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commits/main/activerecord"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/"}],"url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32224","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32224"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140","reference_id":"1016140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108997","reference_id":"2108997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108997"},{"reference_url":"https://security.gentoo.org/glsa/202408-24","reference_id":"GLSA-202408-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89013?format=json","purl":"pkg:gem/activerecord@5.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/384767?format=json","purl":"pkg:gem/activerecord@6.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/89010?format=json","purl":"pkg:gem/activerecord@6.0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-whvz-g2g9-auek"},{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/384797?format=json","purl":"pkg:gem/activerecord@6.1.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/89009?format=json","purl":"pkg:gem/activerecord@6.1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-whvz-g2g9-auek"},{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/384824?format=json","purl":"pkg:gem/activerecord@7.0.0.alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/89008?format=json","purl":"pkg:gem/activerecord@7.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-whvz-g2g9-auek"},{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1"}],"aliases":["CVE-2022-32224","GHSA-3hhc-qp5v-9p2j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp3h-z1zs-ufba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27190?format=json","vulnerability_id":"VCID-er3j-4ygz-kqdx","summary":"activerecord vulnerable to SQL Injection\nMultiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2930","reference_id":"","reference_type":"","scores":[{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76726","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2930"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731438","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2930","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2930"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://github.com/advisories/GHSA-h6w6-xmqv-7q78","reference_id":"GHSA-h6w6-xmqv-7q78","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6w6-xmqv-7q78"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-2930","GHSA-h6w6-xmqv-7q78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-er3j-4ygz-kqdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36142?format=json","vulnerability_id":"VCID-nzb9-vn9k-jbgs","summary":"Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter\nThere is a potential denial of service vulnerability present in ActiveRecord's PostgreSQL adapter.\n\nThis has been assigned the CVE identifier CVE-2022-44566.\n\nVersions Affected: All. Not affected: None.\n\n## Fixed Versions\n\n- 2.3.18.47 (Rails LTS, which is a paid service and not part of the rubygem)\n- 3.2.22.34 (Rails LTS, which is a paid service and not part of the rubygem)\n- 4.2.11.27 (Rails LTS, which is a paid service and not part of the rubygem)\n- 5.2.8.15 (Rails LTS, which is a paid service and not part of the rubygem)\n- 6.1.7.1\n- 7.0.4.1\n\n## Impact\n\nIn ActiveRecord < 7.0.4.1 and < 6.1.7.1, when a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.\n\n## Releases\n\nThe fixed releases are available at the normal locations.\n\n## Workarounds\n\nEnsure that user supplied input which is provided to ActiveRecord clauses do not contain integers wider than a signed 64bit representation or floats. \n\n## Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our maintenance policy 1 regarding security issues. They are in git-am format and consist of a single changeset.\n\n 6-1-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 6.1 series\n 7-0-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 7.0 series","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81686","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566"},{"reference_url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf"},{"reference_url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml"},{"reference_url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid"},{"reference_url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789","reference_id":"2164789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789"},{"reference_url":"https://github.com/advisories/GHSA-579w-22j4-4749","reference_id":"GHSA-579w-22j4-4749","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-579w-22j4-4749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68458?format=json","purl":"pkg:gem/activerecord@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68459?format=json","purl":"pkg:gem/activerecord@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1"}],"aliases":["CVE-2022-44566","GHSA-579w-22j4-4749","GMS-2023-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzb9-vn9k-jbgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26694?format=json","vulnerability_id":"VCID-q8un-ngwx-5kaw","summary":"Active Record Improper Access Control\n`activerecord/lib/active_record/nested_attributes.rb` in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577","reference_id":"","reference_type":"","scores":[{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.79277","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957","reference_id":"1301957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957"},{"reference_url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447","reference_id":"GHSA-xrr6-3pc4-m447","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60374?format=json","purl":"pkg:gem/activerecord@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbdn-yhbu-5uaj"},{"vulnerability":"VCID-dbvw-1xvz-63b8"},{"vulnerability":"VCID-dp3h-z1zs-ufba"},{"vulnerability":"VCID-er3j-4ygz-kqdx"},{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-wz1m-798r-8yez"},{"vulnerability":"VCID-xmwx-eqjn-pba9"},{"vulnerability":"VCID-xnj2-tbzn-tff6"},{"vulnerability":"VCID-y922-r53a-rke5"},{"vulnerability":"VCID-zuwm-kmb2-23ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60375?format=json","purl":"pkg:gem/activerecord@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbdn-yhbu-5uaj"},{"vulnerability":"VCID-dbvw-1xvz-63b8"},{"vulnerability":"VCID-dp3h-z1zs-ufba"},{"vulnerability":"VCID-enf4-jrzh-nyac"},{"vulnerability":"VCID-er3j-4ygz-kqdx"},{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-wz1m-798r-8yez"},{"vulnerability":"VCID-xmwx-eqjn-pba9"},{"vulnerability":"VCID-xnj2-tbzn-tff6"},{"vulnerability":"VCID-y922-r53a-rke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60377?format=json","purl":"pkg:gem/activerecord@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dbvw-1xvz-63b8"},{"vulnerability":"VCID-dp3h-z1zs-ufba"},{"vulnerability":"VCID-enf4-jrzh-nyac"},{"vulnerability":"VCID-er3j-4ygz-kqdx"},{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-wz1m-798r-8yez"},{"vulnerability":"VCID-xmwx-eqjn-pba9"},{"vulnerability":"VCID-xnj2-tbzn-tff6"},{"vulnerability":"VCID-y922-r53a-rke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1"}],"aliases":["CVE-2015-7577","GHSA-xrr6-3pc4-m447"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8un-ngwx-5kaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26524?format=json","vulnerability_id":"VCID-wz1m-798r-8yez","summary":"Rails ActiveRecord gem vulnerable to SQL injection\nMultiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) `:limit` and (2) `:offset` parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.","references":[{"reference_url":"http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1","reference_id":"","reference_type":"","scores":[],"url":"http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1"},{"reference_url":"http://gist.github.com/8946","reference_id":"","reference_type":"","scores":[],"url":"http://gist.github.com/8946"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"},{"reference_url":"http://rails.lighthouseapp.com/projects/8994/tickets/288","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rails.lighthouseapp.com/projects/8994/tickets/288"},{"reference_url":"http://rails.lighthouseapp.com/projects/8994/tickets/964","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rails.lighthouseapp.com/projects/8994/tickets/964"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4094","reference_id":"","reference_type":"","scores":[{"value":"0.03119","scoring_system":"epss","scoring_elements":"0.87063","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094"},{"reference_url":"http://secunia.com/advisories/31875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31875"},{"reference_url":"http://secunia.com/advisories/31909","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31909"},{"reference_url":"http://secunia.com/advisories/31910","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31910"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45109","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45109"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4094"},{"reference_url":"https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1"},{"reference_url":"https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch"},{"reference_url":"https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch"},{"reference_url":"https://web.archive.org/web/20081104151751/http://gist.github.com/8946","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081104151751/http://gist.github.com/8946"},{"reference_url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875"},{"reference_url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/"},{"reference_url":"https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909"},{"reference_url":"https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910"},{"reference_url":"https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562"},{"reference_url":"https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176"},{"reference_url":"https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/09/13/2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2008/09/13/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/09/16/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2008/09/16/1"},{"reference_url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter"},{"reference_url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/","reference_id":"","reference_type":"","scores":[],"url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/"},{"reference_url":"http://www.securityfocus.com/bid/31176","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/31176"},{"reference_url":"http://www.securitytracker.com/id?1020871","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020871"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2562","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791","reference_id":"500791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791"},{"reference_url":"https://github.com/advisories/GHSA-xf96-32q2-9rw2","reference_id":"GHSA-xf96-32q2-9rw2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xf96-32q2-9rw2"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[],"aliases":["CVE-2008-4094","GHSA-xf96-32q2-9rw2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1m-798r-8yez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27199?format=json","vulnerability_id":"VCID-xmwx-eqjn-pba9","summary":"Rails activerecord gem has Improper Input Validation vulnerability\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3933","reference_id":"","reference_type":"","scores":[{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72613","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3933"},{"reference_url":"http://secunia.com/advisories/41930","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41930"},{"reference_url":"http://securitytracker.com/id?1024624","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1024624"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae"},{"reference_url":"https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3933","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3933"},{"reference_url":"https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930"},{"reference_url":"https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624"},{"reference_url":"http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2719","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2719"},{"reference_url":"https://github.com/advisories/GHSA-gjxw-5w2q-7grf","reference_id":"GHSA-gjxw-5w2q-7grf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjxw-5w2q-7grf"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2010-3933","GHSA-gjxw-5w2q-7grf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwx-eqjn-pba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18990?format=json","vulnerability_id":"VCID-xnj2-tbzn-tff6","summary":"activerecord: Active Record ANSI Injection Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55193","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55181","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290"},{"reference_url":"https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b"},{"reference_url":"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55193","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106","reference_id":"1111106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388446","reference_id":"2388446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388446"},{"reference_url":"https://github.com/advisories/GHSA-76r7-hhxj-r776","reference_id":"GHSA-76r7-hhxj-r776","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-76r7-hhxj-r776"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64362?format=json","purl":"pkg:gem/activerecord@7.1.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/384869?format=json","purl":"pkg:gem/activerecord@7.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/64361?format=json","purl":"pkg:gem/activerecord@7.2.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/384878?format=json","purl":"pkg:gem/activerecord@8.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xnj2-tbzn-tff6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/64360?format=json","purl":"pkg:gem/activerecord@8.0.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1"}],"aliases":["CVE-2025-55193","GHSA-76r7-hhxj-r776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xnj2-tbzn-tff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26676?format=json","vulnerability_id":"VCID-y922-r53a-rke5","summary":"activerecord vulnerable to SQL Injection\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0448","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72088","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0448"},{"reference_url":"http://secunia.com/advisories/43278","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43278"},{"reference_url":"http://securitytracker.com/id?1025063","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025063"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0448","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0448"},{"reference_url":"https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://github.com/advisories/GHSA-jmm9-2p29-vh2w","reference_id":"GHSA-jmm9-2p29-vh2w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmm9-2p29-vh2w"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-0448","GHSA-jmm9-2p29-vh2w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y922-r53a-rke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54583?format=json","vulnerability_id":"VCID-zuwm-kmb2-23ay","summary":"Active Record component in Ruby on Rails has a data-type injection vulnerability\nThe Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2013/02/06/7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/02/06/7"},{"reference_url":"http://openwall.com/lists/oss-security/2013/04/24/7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/04/24/7"},{"reference_url":"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3221","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65482","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3221","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3221"},{"reference_url":"https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=954365","reference_id":"954365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=954365"},{"reference_url":"https://github.com/advisories/GHSA-f57c-hx33-hvh8","reference_id":"GHSA-f57c-hx33-hvh8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f57c-hx33-hvh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106451?format=json","purl":"pkg:gem/activerecord@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-azcf-s1ys-8qh5"},{"vulnerability":"VCID-cbdn-yhbu-5uaj"},{"vulnerability":"VCID-dbvw-1xvz-63b8"},{"vulnerability":"VCID-dp3h-z1zs-ufba"},{"vulnerability":"VCID-enf4-jrzh-nyac"},{"vulnerability":"VCID-er3j-4ygz-kqdx"},{"vulnerability":"VCID-nzb9-vn9k-jbgs"},{"vulnerability":"VCID-q8un-ngwx-5kaw"},{"vulnerability":"VCID-r9dt-jbb6-sqda"},{"vulnerability":"VCID-wz1m-798r-8yez"},{"vulnerability":"VCID-xmwx-eqjn-pba9"},{"vulnerability":"VCID-xnj2-tbzn-tff6"},{"vulnerability":"VCID-y922-r53a-rke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0"}],"aliases":["CVE-2013-3221","GHSA-f57c-hx33-hvh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuwm-kmb2-23ay"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.10"}