{"url":"http://public2.vulnerablecode.io/api/packages/400707?format=json","purl":"pkg:gem/rails@0.8.0","type":"gem","namespace":"","name":"rails","version":"0.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.3","latest_non_vulnerable_version":"7.1.3.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9082?format=json","vulnerability_id":"VCID-2s57-9frf-4qhk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"0.03338","scoring_system":"epss","scoring_elements":"0.87573","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.4.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.4.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v5.2.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v5.2.6"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.0.3.7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.0.3.7"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.3.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.3.2"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ"},{"reference_url":"https://hackerone.com/reports/1101125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1101125"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22904"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210805-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0009/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379","reference_id":"1961379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214","reference_id":"988214","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214"},{"reference_url":"https://security.archlinux.org/AVG-1920","reference_id":"AVG-1920","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1920"},{"reference_url":"https://security.archlinux.org/AVG-1921","reference_id":"AVG-1921","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1921"},{"reference_url":"https://security.archlinux.org/AVG-2090","reference_id":"AVG-2090","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2090"},{"reference_url":"https://security.archlinux.org/AVG-2223","reference_id":"AVG-2223","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/505276?format=json","purl":"pkg:gem/rails@5.2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/506558?format=json","purl":"pkg:gem/rails@5.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/505278?format=json","purl":"pkg:gem/rails@6.0.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/506559?format=json","purl":"pkg:gem/rails@6.1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-f5mb-arn4-skau"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-tnty-pw45-4ug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.3.2"}],"aliases":["CVE-2021-22904","GHSA-7wjx-3g7j-8584"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177877?format=json","vulnerability_id":"VCID-5426-pjkr-9udh","summary":"Several vulnerabilities were found in Ruby on Rails allowing for file\n    disclosure and theft of user credentials.","references":[{"reference_url":"http://bugs.gentoo.org/show_bug.cgi?id=195315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.gentoo.org/show_bug.cgi?id=195315"},{"reference_url":"http://dev.rubyonrails.org/ticket/8371","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://dev.rubyonrails.org/ticket/8371"},{"reference_url":"http://osvdb.org/36378","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/36378"},{"reference_url":"http://pastie.caboo.se/65550.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pastie.caboo.se/65550.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3227","reference_id":"","reference_type":"","scores":[{"value":"0.13946","scoring_system":"epss","scoring_elements":"0.94488","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227"},{"reference_url":"http://secunia.com/advisories/25699","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/25699"},{"reference_url":"http://secunia.com/advisories/27657","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/27657"},{"reference_url":"http://secunia.com/advisories/27756","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/27756"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200711-17.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200711-17.xml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release"},{"reference_url":"http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release"},{"reference_url":"http://www.novell.com/linux/security/advisories/2007_24_sr.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/linux/security/advisories/2007_24_sr.html"},{"reference_url":"http://www.securityfocus.com/bid/24161","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/24161"},{"reference_url":"http://www.vupen.com/english/advisories/2007/2216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2007/2216"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177","reference_id":"429177","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3227","reference_id":"CVE-2007-3227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3227"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt","reference_id":"CVE-2007-3227;OSVDB-36378","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt"},{"reference_url":"https://www.securityfocus.com/bid/24161/info","reference_id":"CVE-2007-3227;OSVDB-36378","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/24161/info"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml","reference_id":"CVE-2007-3227.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml"},{"reference_url":"https://github.com/advisories/GHSA-gm25-fpmr-43fj","reference_id":"GHSA-gm25-fpmr-43fj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gm25-fpmr-43fj"},{"reference_url":"https://security.gentoo.org/glsa/200711-17","reference_id":"GLSA-200711-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12957?format=json","purl":"pkg:gem/rails@1.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-6k5n-qveq-mkhj"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-j5mt-ph5q-bqa6"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5"}],"aliases":["CVE-2007-3227","GHSA-gm25-fpmr-43fj","OSV-36378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5426-pjkr-9udh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178535?format=json","vulnerability_id":"VCID-56hv-j97k-w3dr","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446","reference_id":"","reference_type":"","scores":[{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.7183","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446"},{"reference_url":"http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217"},{"reference_url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446","reference_id":"CVE-2011-0446","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml","reference_id":"CVE-2011-0446.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml","reference_id":"CVE-2011-0446.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml"},{"reference_url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j","reference_id":"GHSA-75w6-p6mg-vh8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/389756?format=json","purl":"pkg:gem/rails@2.3.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/389757?format=json","purl":"pkg:gem/rails@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-en5b-axpg-eud2"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-mjpw-b5bt-9qgm"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.4"}],"aliases":["CVE-2011-0446","GHSA-75w6-p6mg-vh8j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200373?format=json","vulnerability_id":"VCID-6k5n-qveq-mkhj","summary":"rails is vulnerable to CRLF injection","references":[{"reference_url":"http://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/rails/rails"},{"reference_url":"http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5189","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.57155","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189"},{"reference_url":"http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing"},{"reference_url":"http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=472510","reference_id":"472510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=472510"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5189","reference_id":"CVE-2008-5189","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5189"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml","reference_id":"CVE-2008-5189.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml"},{"reference_url":"https://github.com/advisories/GHSA-jmgf-p46x-982h","reference_id":"GHSA-jmgf-p46x-982h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmgf-p46x-982h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12921?format=json","purl":"pkg:gem/rails@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-ryyh-3t4j-hygv"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.0.5"}],"aliases":["CVE-2008-5189","GHSA-jmgf-p46x-982h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6k5n-qveq-mkhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109434?format=json","vulnerability_id":"VCID-6rc5-9gn7-tbbv","summary":"security update","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/8"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081","reference_id":"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75889","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4"},{"reference_url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782"},{"reference_url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647"},{"reference_url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065520","reference_id":"1065520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065520"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081","reference_id":"CVE-2014-0081","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml","reference_id":"CVE-2014-0081.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml","reference_id":"CVE-2014-0081.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml"},{"reference_url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83","reference_id":"GHSA-m46p-ggm5-5j83","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0215","reference_id":"RHSA-2014:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0306","reference_id":"RHSA-2014:0306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12705?format=json","purl":"pkg:gem/rails@3.2.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12627?format=json","purl":"pkg:gem/rails@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/388104?format=json","purl":"pkg:gem/rails@4.1.0.beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0.beta2"}],"aliases":["CVE-2014-0081","GHSA-m46p-ggm5-5j83","OSV-103439"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rc5-9gn7-tbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/188712?format=json","vulnerability_id":"VCID-94u9-8r8a-rufw","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8162","reference_id":"","reference_type":"","scores":[{"value":"0.01549","scoring_system":"epss","scoring_elements":"0.8182","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://github.com/aws/aws-sdk-ruby","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aws/aws-sdk-ruby"},{"reference_url":"https://github.com/aws/aws-sdk-ruby/issues/2098","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/aws/aws-sdk-ruby/issues/2098"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ"},{"reference_url":"https://hackerone.com/reports/789579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/789579"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843005","reference_id":"1843005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8162","reference_id":"CVE-2020-8162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8162"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml","reference_id":"CVE-2020-8162.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml"},{"reference_url":"https://github.com/advisories/GHSA-m42x-37p3-fv5w","reference_id":"GHSA-m42x-37p3-fv5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m42x-37p3-fv5w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/462417?format=json","purl":"pkg:gem/rails@5.2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/462428?format=json","purl":"pkg:gem/rails@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1"}],"aliases":["CVE-2020-8162","GHSA-m42x-37p3-fv5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94u9-8r8a-rufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177879?format=json","vulnerability_id":"VCID-a3af-9hvh-63b2","summary":"Several vulnerabilities were found in Ruby on Rails allowing for file\n    disclosure and theft of user credentials.","references":[{"reference_url":"http://bugs.gentoo.org/show_bug.cgi?id=195315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.gentoo.org/show_bug.cgi?id=195315"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5380","reference_id":"","reference_type":"","scores":[{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380"},{"reference_url":"http://secunia.com/advisories/27657","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/27657"},{"reference_url":"http://secunia.com/advisories/27965","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/27965"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200711-17.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200711-17.xml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release"},{"reference_url":"http://www.novell.com/linux/security/advisories/2007_25_sr.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/linux/security/advisories/2007_25_sr.html"},{"reference_url":"http://www.securityfocus.com/bid/26096","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/26096"},{"reference_url":"http://www.vupen.com/english/advisories/2007/3508","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2007/3508"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5380","reference_id":"CVE-2007-5380","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5380"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml","reference_id":"CVE-2007-5380.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml"},{"reference_url":"https://github.com/advisories/GHSA-jwhv-rgqc-fqj5","reference_id":"GHSA-jwhv-rgqc-fqj5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jwhv-rgqc-fqj5"},{"reference_url":"https://security.gentoo.org/glsa/200711-17","reference_id":"GLSA-200711-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-17"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12930?format=json","purl":"pkg:gem/rails@1.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-5426-pjkr-9udh"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-6k5n-qveq-mkhj"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-j5mt-ph5q-bqa6"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4"}],"aliases":["CVE-2007-5380","GHSA-jwhv-rgqc-fqj5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3af-9hvh-63b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183408?format=json","vulnerability_id":"VCID-a67r-11ec-zffe","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL statements.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2422","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6133","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422"},{"reference_url":"http://secunia.com/advisories/35702","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35702"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51528","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51528"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702"},{"reference_url":"https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579"},{"reference_url":"http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest"},{"reference_url":"http://www.securityfocus.com/bid/35579","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/35579"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1802","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1802"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=509564","reference_id":"509564","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=509564"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896","reference_id":"535896","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2422","reference_id":"CVE-2009-2422","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2422"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml","reference_id":"CVE-2009-2422.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml"},{"reference_url":"https://github.com/advisories/GHSA-rxq3-gm4p-5fj4","reference_id":"GHSA-rxq3-gm4p-5fj4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rxq3-gm4p-5fj4"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12943?format=json","purl":"pkg:gem/rails@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bn9m-pqu3-bffj"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-ryyh-3t4j-hygv"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.3"}],"aliases":["CVE-2009-2422","GHSA-rxq3-gm4p-5fj4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a67r-11ec-zffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=json","vulnerability_id":"VCID-a8d2-vazh-gqbz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5419","reference_id":"","reference_type":"","scores":[{"value":"0.12118","scoring_system":"epss","scoring_elements":"0.93966","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715"},{"reference_url":"https://github.com/rails/rails/pull/35708","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/pull/35708"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"},{"reference_url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689160","reference_id":"1689160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689160"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520","reference_id":"924520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5419","reference_id":"CVE-2019-5419","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5419"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml","reference_id":"CVE-2019-5419.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml"},{"reference_url":"https://github.com/advisories/GHSA-m63j-wh5w-c252","reference_id":"GHSA-m63j-wh5w-c252","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m63j-wh5w-c252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0796","reference_id":"RHSA-2019:0796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1147","reference_id":"RHSA-2019:1147","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1149","reference_id":"RHSA-2019:1149","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1289","reference_id":"RHSA-2019:1289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1289"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391048?format=json","purl":"pkg:gem/rails@4.2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/391049?format=json","purl":"pkg:gem/rails@5.0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/391050?format=json","purl":"pkg:gem/rails@5.1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/391051?format=json","purl":"pkg:gem/rails@5.2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1"}],"aliases":["CVE-2019-5419","GHSA-m63j-wh5w-c252"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8d2-vazh-gqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8773?format=json","vulnerability_id":"VCID-ajy4-eqvj-4ydd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8167","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"},{"reference_url":"https://hackerone.com/reports/189878","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/189878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843084","reference_id":"1843084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843084"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8167","reference_id":"CVE-2020-8167","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8167"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml","reference_id":"CVE-2020-8167.YML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml"},{"reference_url":"https://github.com/advisories/GHSA-xq5j-gw7f-jgj8","reference_id":"GHSA-xq5j-gw7f-jgj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xq5j-gw7f-jgj8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/462418?format=json","purl":"pkg:gem/rails@5.2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/462428?format=json","purl":"pkg:gem/rails@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1"}],"aliases":["CVE-2020-8167","GHSA-xq5j-gw7f-jgj8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajy4-eqvj-4ydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/997?format=json","vulnerability_id":"VCID-akcz-6jhs-7bdq","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2097","reference_id":"","reference_type":"","scores":[{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.83693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4"},{"reference_url":"https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122"},{"reference_url":"https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726"},{"reference_url":"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3509","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310043","reference_id":"1310043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310043"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2097","reference_id":"CVE-2016-2097","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2097"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml","reference_id":"CVE-2016-2097.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml","reference_id":"CVE-2016-2097.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml"},{"reference_url":"https://github.com/advisories/GHSA-vx9j-46rh-fqr8","reference_id":"GHSA-vx9j-46rh-fqr8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vx9j-46rh-fqr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0456","reference_id":"RHSA-2016:0456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388546?format=json","purl":"pkg:gem/rails@3.2.22.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.22.2"},{"url":"http://public2.vulnerablecode.io/api/packages/388547?format=json","purl":"pkg:gem/rails@4.1.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.14.2"}],"aliases":["CVE-2016-2097","GHSA-vx9j-46rh-fqr8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8771?format=json","vulnerability_id":"VCID-b8tc-n7vg-wkdd","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8165","reference_id":"","reference_type":"","scores":[{"value":"0.90128","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"},{"reference_url":"https://hackerone.com/reports/413388","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/413388"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250509-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250509-0002"},{"reference_url":"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843072","reference_id":"1843072","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843072"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8165","reference_id":"CVE-2020-8165","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8165"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml","reference_id":"CVE-2020-8165.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml"},{"reference_url":"https://github.com/advisories/GHSA-2p68-f74v-9wc6","reference_id":"GHSA-2p68-f74v-9wc6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p68-f74v-9wc6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/462418?format=json","purl":"pkg:gem/rails@5.2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/462428?format=json","purl":"pkg:gem/rails@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1"}],"aliases":["CVE-2020-8165","GHSA-2p68-f74v-9wc6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tc-n7vg-wkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=json","vulnerability_id":"VCID-bqps-e1sm-xkhe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8166","reference_id":"","reference_type":"","scores":[{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843152","reference_id":"1843152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843152"},{"reference_url":"https://hackerone.com/reports/732415","reference_id":"732415","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/"}],"url":"https://hackerone.com/reports/732415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8166","reference_id":"CVE-2020-8166","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8166"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml","reference_id":"CVE-2020-8166.YML","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml"},{"reference_url":"https://www.debian.org/security/2020/dsa-4766","reference_id":"dsa-4766","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/"}],"url":"https://www.debian.org/security/2020/dsa-4766"},{"reference_url":"https://github.com/advisories/GHSA-jp5v-5gx4-jmj9","reference_id":"GHSA-jp5v-5gx4-jmj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp5v-5gx4-jmj9"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw","reference_id":"NOjKiGeXUgw","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/"}],"url":"https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/462418?format=json","purl":"pkg:gem/rails@5.2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/462428?format=json","purl":"pkg:gem/rails@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1"}],"aliases":["CVE-2020-8166","GHSA-jp5v-5gx4-jmj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqps-e1sm-xkhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=json","vulnerability_id":"VCID-bz3f-a6me-a3hh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5418","reference_id":"","reference_type":"","scores":[{"value":"0.94318","scoring_system":"epss","scoring_elements":"0.99953","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"},{"reference_url":"https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418"},{"reference_url":"https://www.exploit-db.com/exploits/46585","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46585"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/03/22/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/03/22/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689159","reference_id":"1689159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689159"},{"reference_url":"https://www.exploit-db.com/exploits/46585/","reference_id":"46585","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://www.exploit-db.com/exploits/46585/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520","reference_id":"924520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py","reference_id":"CVE-2019-5418","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5418","reference_id":"CVE-2019-5418","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5418"},{"reference_url":"https://github.com/advisories/GHSA-86g5-2wh3-gc9j","reference_id":"GHSA-86g5-2wh3-gc9j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86g5-2wh3-gc9j"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html","reference_id":"msg00042.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"},{"reference_url":"https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q","reference_id":"pFRKI96Sm8Q","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q"},{"reference_url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/","reference_id":"Rails-4-2-5-1-5-1-6-2-have-been-released","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"},{"reference_url":"http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html","reference_id":"Rails-5.2.1-Arbitrary-File-Content-Disclosure.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0796","reference_id":"RHSA-2019:0796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1147","reference_id":"RHSA-2019:1147","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1149","reference_id":"RHSA-2019:1149","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1289","reference_id":"RHSA-2019:1289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1289"},{"reference_url":"https://usn.ubuntu.com/7646-1/","reference_id":"USN-7646-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7646-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","reference_id":"Y43636TH4D6T46IC6N2RQVJTRFJAAYGA","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391048?format=json","purl":"pkg:gem/rails@4.2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/391049?format=json","purl":"pkg:gem/rails@5.0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/391050?format=json","purl":"pkg:gem/rails@5.1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/391051?format=json","purl":"pkg:gem/rails@5.2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1"}],"aliases":["CVE-2019-5418","GHSA-86g5-2wh3-gc9j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3f-a6me-a3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183406?format=json","vulnerability_id":"VCID-cgfh-yfn7-7ke9","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL statements.","references":[{"reference_url":"http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1","reference_id":"","reference_type":"","scores":[],"url":"http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1"},{"reference_url":"http://gist.github.com/8946","reference_id":"","reference_type":"","scores":[],"url":"http://gist.github.com/8946"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"},{"reference_url":"http://rails.lighthouseapp.com/projects/8994/tickets/288","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rails.lighthouseapp.com/projects/8994/tickets/288"},{"reference_url":"http://rails.lighthouseapp.com/projects/8994/tickets/964","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rails.lighthouseapp.com/projects/8994/tickets/964"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4094","reference_id":"","reference_type":"","scores":[{"value":"0.03119","scoring_system":"epss","scoring_elements":"0.87131","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094"},{"reference_url":"http://secunia.com/advisories/31875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31875"},{"reference_url":"http://secunia.com/advisories/31909","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31909"},{"reference_url":"http://secunia.com/advisories/31910","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31910"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45109","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45109"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645"},{"reference_url":"https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1"},{"reference_url":"https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch"},{"reference_url":"https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch"},{"reference_url":"https://web.archive.org/web/20081104151751/http://gist.github.com/8946","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081104151751/http://gist.github.com/8946"},{"reference_url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875"},{"reference_url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/"},{"reference_url":"https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909"},{"reference_url":"https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910"},{"reference_url":"https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562"},{"reference_url":"https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176"},{"reference_url":"https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/09/13/2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2008/09/13/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/09/16/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2008/09/16/1"},{"reference_url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter"},{"reference_url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/","reference_id":"","reference_type":"","scores":[],"url":"http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/"},{"reference_url":"http://www.securityfocus.com/bid/31176","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/31176"},{"reference_url":"http://www.securitytracker.com/id?1020871","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020871"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2562","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791","reference_id":"500791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4094","reference_id":"CVE-2008-4094","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4094"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml","reference_id":"CVE-2008-4094.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml"},{"reference_url":"https://github.com/advisories/GHSA-xf96-32q2-9rw2","reference_id":"GHSA-xf96-32q2-9rw2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xf96-32q2-9rw2"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/389766?format=json","purl":"pkg:gem/rails@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bn9m-pqu3-bffj"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-cab4-yeek-cfcw"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-ryyh-3t4j-hygv"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.1.1"}],"aliases":["CVE-2008-4094","GHSA-xf96-32q2-9rw2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgfh-yfn7-7ke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208919?format=json","vulnerability_id":"VCID-d2nk-gbfb-v3g3","summary":"Cross site scripting in actionpack Rubygem","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1497","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56098","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1497"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG"},{"reference_url":"https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d"},{"reference_url":"https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6"},{"reference_url":"https://www.openwall.com/lists/oss-security/2011/04/06/13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2011/04/06/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015262","reference_id":"2015262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1497","reference_id":"CVE-2011-1497","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1497"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml","reference_id":"CVE-2011-1497.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml"},{"reference_url":"https://github.com/advisories/GHSA-q58j-fmvf-9rq6","reference_id":"GHSA-q58j-fmvf-9rq6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q58j-fmvf-9rq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392415?format=json","purl":"pkg:gem/rails@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a6dm-ywkf-wkgh"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-en5b-axpg-eud2"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-mjpw-b5bt-9qgm"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.6"}],"aliases":["CVE-2011-1497","GHSA-q58j-fmvf-9rq6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d2nk-gbfb-v3g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15120?format=json","vulnerability_id":"VCID-fnx8-28wd-qqgx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.80176","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"},{"reference_url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"},{"reference_url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799","reference_id":"2164799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799"},{"reference_url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv","reference_id":"GHSA-8xww-x3g3-6jcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392929?format=json","purl":"pkg:gem/rails@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aa3d-r7aw-ykcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/392927?format=json","purl":"pkg:gem/rails@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6hkq-y2fb-skgq"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1"}],"aliases":["CVE-2023-22795","GHSA-8xww-x3g3-6jcv","GMS-2023-56"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183411?format=json","vulnerability_id":"VCID-fry8-r6k2-auf2","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL statements.","references":[{"reference_url":"http://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/rails/rails"},{"reference_url":"http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4214","reference_id":"","reference_type":"","scores":[{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82318","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214"},{"reference_url":"http://secunia.com/advisories/37446","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/37446"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released"},{"reference_url":"http://www.debian.org/security/2011/dsa-2260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2260"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/27/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/27/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/12/08/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/12/08/3"},{"reference_url":"http://www.securityfocus.com/bid/37142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/37142"},{"reference_url":"http://www.securitytracker.com/id?1023245","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id?1023245"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3352","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/3352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=542786","reference_id":"542786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=542786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685","reference_id":"558685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-4214","reference_id":"CVE-2009-4214","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-4214"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml","reference_id":"CVE-2009-4214.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml"},{"reference_url":"https://github.com/advisories/GHSA-9p3v-wf2w-v29c","reference_id":"GHSA-9p3v-wf2w-v29c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9p3v-wf2w-v29c"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12911?format=json","purl":"pkg:gem/rails@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bn9m-pqu3-bffj"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-ryyh-3t4j-hygv"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12945?format=json","purl":"pkg:gem/rails@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-58mv-ca6x-ruh8"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"},{"vulnerability":"VCID-y17b-pzkn-j3c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.5"}],"aliases":["CVE-2009-4214","GHSA-9p3v-wf2w-v29c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fry8-r6k2-auf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182?format=json","vulnerability_id":"VCID-gyq7-xde5-sfea","summary":"","references":[{"reference_url":"http://osvdb.org/show/osvdb/106704","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/show/osvdb/106704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0510","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0130","reference_id":"","reference_type":"","scores":[{"value":"0.5271","scoring_system":"epss","scoring_elements":"0.98002","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0130"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1095105","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1095105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk"},{"reference_url":"https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244"},{"reference_url":"https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"},{"reference_url":"https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130"},{"reference_url":"http://www.securityfocus.com/bid/67244","reference_id":"67244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"http://www.securityfocus.com/bid/67244"},{"reference_url":"http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf","reference_id":"AnatomyOfRailsVuln-CVE-2014-0130.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-0130","reference_id":"CVE-2014-0130","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-0130"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0130","reference_id":"CVE-2014-0130","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0130"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml","reference_id":"CVE-2014-0130.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml"},{"reference_url":"https://github.com/advisories/GHSA-6x85-j5j2-27jx","reference_id":"GHSA-6x85-j5j2-27jx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6x85-j5j2-27jx"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ","reference_id":"NxW_PDBSG3AJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"RHSA-2014-1863.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388160?format=json","purl":"pkg:gem/rails@3.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/388161?format=json","purl":"pkg:gem/rails@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/388162?format=json","purl":"pkg:gem/rails@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-214c-rjny-9ud4"},{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-hfz8-rhgw-hydt"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-tp7w-62cp-2yhr"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.1"}],"aliases":["CVE-2014-0130","GHSA-6x85-j5j2-27jx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyq7-xde5-sfea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183405?format=json","vulnerability_id":"VCID-j5mt-ph5q-bqa6","summary":"Multiple vulnerabilities have been discovered in Rails, the worst of which\n    leading to the execution of arbitrary SQL statements.","references":[{"reference_url":"http://dev.rubyonrails.org/changeset/8177","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://dev.rubyonrails.org/changeset/8177"},{"reference_url":"http://dev.rubyonrails.org/ticket/10048","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://dev.rubyonrails.org/ticket/10048"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6077","reference_id":"","reference_type":"","scores":[{"value":"0.03262","scoring_system":"epss","scoring_elements":"0.87436","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077"},{"reference_url":"http://secunia.com/advisories/27781","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/27781"},{"reference_url":"https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release"},{"reference_url":"http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release"},{"reference_url":"http://www.securityfocus.com/bid/26598","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/26598"},{"reference_url":"http://www.vupen.com/english/advisories/2007/4009","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2007/4009"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748","reference_id":"452748","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6077","reference_id":"CVE-2007-6077","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6077"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml","reference_id":"CVE-2007-6077.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml"},{"reference_url":"https://github.com/advisories/GHSA-p4c6-77gc-694x","reference_id":"GHSA-p4c6-77gc-694x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p4c6-77gc-694x"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12968?format=json","purl":"pkg:gem/rails@1.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-6k5n-qveq-mkhj"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.6"}],"aliases":["CVE-2007-6077","GHSA-p4c6-77gc-694x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5mt-ph5q-bqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8770?format=json","vulnerability_id":"VCID-kqsm-qvtq-4kc6","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164","reference_id":"","reference_type":"","scores":[{"value":"0.07389","scoring_system":"epss","scoring_elements":"0.91913","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"},{"reference_url":"https://hackerone.com/reports/292797","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/292797"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634","reference_id":"1842634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842634"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164","reference_id":"CVE-2020-8164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8164"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml","reference_id":"CVE-2020-8164.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml"},{"reference_url":"https://github.com/advisories/GHSA-8727-m6gj-mc37","reference_id":"GHSA-8727-m6gj-mc37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8727-m6gj-mc37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/462418?format=json","purl":"pkg:gem/rails@5.2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/462428?format=json","purl":"pkg:gem/rails@6.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-4j57-xdw3-a7em"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-aa3d-r7aw-ykcp"},{"vulnerability":"VCID-fhjg-crvh-myhd"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-jyvd-yu2u-rucu"},{"vulnerability":"VCID-m1pe-q2r4-zfap"},{"vulnerability":"VCID-mepe-vuu9-g3gd"},{"vulnerability":"VCID-uzrf-6puc-kygc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1"}],"aliases":["CVE-2020-8164","GHSA-8727-m6gj-mc37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177878?format=json","vulnerability_id":"VCID-psh3-jce4-9kcu","summary":"Several vulnerabilities were found in Ruby on Rails allowing for file\n    disclosure and theft of user credentials.","references":[{"reference_url":"http://bugs.gentoo.org/show_bug.cgi?id=195315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.gentoo.org/show_bug.cgi?id=195315"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5379","reference_id":"","reference_type":"","scores":[{"value":"0.06784","scoring_system":"epss","scoring_elements":"0.91518","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5379"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200711-17.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200711-17.xml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release"},{"reference_url":"https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453"},{"reference_url":"http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release"},{"reference_url":"http://www.vupen.com/english/advisories/2007/3508","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2007/3508"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5379","reference_id":"CVE-2007-5379","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5379"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml","reference_id":"CVE-2007-5379.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml"},{"reference_url":"https://github.com/advisories/GHSA-fjfg-q662-gm6j","reference_id":"GHSA-fjfg-q662-gm6j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjfg-q662-gm6j"},{"reference_url":"https://security.gentoo.org/glsa/200711-17","reference_id":"GLSA-200711-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12930?format=json","purl":"pkg:gem/rails@1.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-5426-pjkr-9udh"},{"vulnerability":"VCID-56hv-j97k-w3dr"},{"vulnerability":"VCID-6k5n-qveq-mkhj"},{"vulnerability":"VCID-6rc5-9gn7-tbbv"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a67r-11ec-zffe"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-akcz-6jhs-7bdq"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-cgfh-yfn7-7ke9"},{"vulnerability":"VCID-d2nk-gbfb-v3g3"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-fry8-r6k2-auf2"},{"vulnerability":"VCID-gyq7-xde5-sfea"},{"vulnerability":"VCID-j5mt-ph5q-bqa6"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-vazh-rc42-puhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4"}],"aliases":["CVE-2007-5379","GHSA-fjfg-q662-gm6j","OSV-40717"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psh3-jce4-9kcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8769?format=json","vulnerability_id":"VCID-vazh-rc42-puhy","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8163","reference_id":"","reference_type":"","scores":[{"value":"0.91071","scoring_system":"epss","scoring_elements":"0.99659","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"},{"reference_url":"https://hackerone.com/reports/304805","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/304805"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848724","reference_id":"1848724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848724"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb","reference_id":"CVE-2020-8163","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8163","reference_id":"CVE-2020-8163","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8163"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml","reference_id":"CVE-2020-8163.YML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml"},{"reference_url":"https://github.com/advisories/GHSA-cr3x-7m39-c6jq","reference_id":"GHSA-cr3x-7m39-c6jq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr3x-7m39-c6jq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388509?format=json","purl":"pkg:gem/rails@5.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s57-9frf-4qhk"},{"vulnerability":"VCID-2uka-fwza-dyfc"},{"vulnerability":"VCID-3e1p-t61q-xfft"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-94u9-8r8a-rufw"},{"vulnerability":"VCID-a8d2-vazh-gqbz"},{"vulnerability":"VCID-ajy4-eqvj-4ydd"},{"vulnerability":"VCID-b8tc-n7vg-wkdd"},{"vulnerability":"VCID-bqps-e1sm-xkhe"},{"vulnerability":"VCID-bz3f-a6me-a3hh"},{"vulnerability":"VCID-fnx8-28wd-qqgx"},{"vulnerability":"VCID-kqsm-qvtq-4kc6"},{"vulnerability":"VCID-usqn-hb81-pyf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.1"}],"aliases":["CVE-2020-8163","GHSA-cr3x-7m39-c6jq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vazh-rc42-puhy"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rails@0.8.0"}