Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@5.1.3.rc2
Typegem
Namespace
Nameactionpack
Version5.1.3.rc2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.1.2.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-2s57-9frf-4qhk
vulnerability_id VCID-2s57-9frf-4qhk
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
reference_id
reference_type
scores
0
value 0.03338
scoring_system epss
scoring_elements 0.87617
published_at 2026-06-14T12:55:00Z
1
value 0.03338
scoring_system epss
scoring_elements 0.87621
published_at 2026-06-13T12:55:00Z
2
value 0.03338
scoring_system epss
scoring_elements 0.87615
published_at 2026-06-12T12:55:00Z
3
value 0.03338
scoring_system epss
scoring_elements 0.87573
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/releases/tag/v5.2.4.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.4.6
9
reference_url https://github.com/rails/rails/releases/tag/v5.2.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.6
10
reference_url https://github.com/rails/rails/releases/tag/v6.0.3.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.0.3.7
11
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
13
reference_url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
14
reference_url https://hackerone.com/reports/1101125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1101125
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
17
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
reference_id 1961379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
20
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
21
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
22
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
23
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
24
reference_url https://github.com/advisories/GHSA-7wjx-3g7j-8584
reference_id GHSA-7wjx-3g7j-8584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7wjx-3g7j-8584
25
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/actionpack@5.2.4.6
purl pkg:gem/actionpack@5.2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-3k19-3heq-dufq
4
vulnerability VCID-5r3f-m1fv-f7bp
5
vulnerability VCID-6hkq-y2fb-skgq
6
vulnerability VCID-f5mb-arn4-skau
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-h6gd-uea5-u3bp
9
vulnerability VCID-kkxa-423m-vqbt
10
vulnerability VCID-q148-xawj-bkeu
11
vulnerability VCID-us61-ajgq-5uaa
12
vulnerability VCID-zbyh-ajmd-tybh
13
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6
1
url pkg:gem/actionpack@5.2.6
purl pkg:gem/actionpack@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-3k19-3heq-dufq
4
vulnerability VCID-5r3f-m1fv-f7bp
5
vulnerability VCID-6hkq-y2fb-skgq
6
vulnerability VCID-f5mb-arn4-skau
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-h6gd-uea5-u3bp
9
vulnerability VCID-kkxa-423m-vqbt
10
vulnerability VCID-q148-xawj-bkeu
11
vulnerability VCID-us61-ajgq-5uaa
12
vulnerability VCID-zbyh-ajmd-tybh
13
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6
2
url pkg:gem/actionpack@6.0.3.7
purl pkg:gem/actionpack@6.0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-3k19-3heq-dufq
4
vulnerability VCID-4j57-xdw3-a7em
5
vulnerability VCID-5r3f-m1fv-f7bp
6
vulnerability VCID-6hkq-y2fb-skgq
7
vulnerability VCID-f5mb-arn4-skau
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-h6gd-uea5-u3bp
10
vulnerability VCID-kkxa-423m-vqbt
11
vulnerability VCID-q148-xawj-bkeu
12
vulnerability VCID-tnty-pw45-4ug3
13
vulnerability VCID-us61-ajgq-5uaa
14
vulnerability VCID-zbyh-ajmd-tybh
15
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7
3
url pkg:gem/actionpack@6.1.3.2
purl pkg:gem/actionpack@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-3k19-3heq-dufq
4
vulnerability VCID-4j57-xdw3-a7em
5
vulnerability VCID-5r3f-m1fv-f7bp
6
vulnerability VCID-6hkq-y2fb-skgq
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-h6gd-uea5-u3bp
9
vulnerability VCID-kkxa-423m-vqbt
10
vulnerability VCID-q148-xawj-bkeu
11
vulnerability VCID-tnty-pw45-4ug3
12
vulnerability VCID-us61-ajgq-5uaa
13
vulnerability VCID-zbyh-ajmd-tybh
14
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2
aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk
1
url VCID-2uka-fwza-dyfc
vulnerability_id VCID-2uka-fwza-dyfc
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
reference_id
reference_type
scores
0
value 0.02264
scoring_system epss
scoring_elements 0.84992
published_at 2026-06-11T12:55:00Z
1
value 0.02264
scoring_system epss
scoring_elements 0.85046
published_at 2026-06-14T12:55:00Z
2
value 0.02264
scoring_system epss
scoring_elements 0.85053
published_at 2026-06-13T12:55:00Z
3
value 0.02264
scoring_system epss
scoring_elements 0.85044
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
14
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
17
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
18
reference_url https://security.netapp.com/advisory/ntap-20240202-0007
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0007
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id 2164800
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
21
reference_url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
reference_id 82115
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
22
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id dsa-5372
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://www.debian.org/security/2023/dsa-5372
23
reference_url https://github.com/advisories/GHSA-p84v-45xj-wwqj
reference_id GHSA-p84v-45xj-wwqj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p84v-45xj-wwqj
24
reference_url https://security.netapp.com/advisory/ntap-20240202-0007/
reference_id ntap-20240202-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://security.netapp.com/advisory/ntap-20240202-0007/
25
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/actionpack@5.2.8
purl pkg:gem/actionpack@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8
1
url pkg:gem/actionpack@5.2.8.15
purl pkg:gem/actionpack@5.2.8.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8.15
2
url pkg:gem/actionpack@6.1.7.1
purl pkg:gem/actionpack@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1
3
url pkg:gem/actionpack@7.0.4.1
purl pkg:gem/actionpack@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1
aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2uka-fwza-dyfc
2
url VCID-3e1p-t61q-xfft
vulnerability_id VCID-3e1p-t61q-xfft
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.49194
published_at 2026-06-14T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.49204
published_at 2026-06-13T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.49186
published_at 2026-06-12T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.49049
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23633
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
16
reference_url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
17
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
18
reference_url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
19
reference_url https://security.netapp.com/advisory/ntap-20240119-0013
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240119-0013
20
reference_url https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240119-0013/
21
reference_url http://www.openwall.com/lists/oss-security/2022/02/11/5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/02/11/5
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id 1005389
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
reference_id 2063149
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2063149
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
reference_id CVE-2022-23633
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23633
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
reference_id CVE-2022-23633.YML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml
26
reference_url https://github.com/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh98-p28r-vrc9
27
reference_url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
reference_id GHSA-wh98-p28r-vrc9
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
28
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
fixed_packages
0
url pkg:gem/actionpack@5.2.6.2
purl pkg:gem/actionpack@5.2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3k19-3heq-dufq
3
vulnerability VCID-5r3f-m1fv-f7bp
4
vulnerability VCID-6hkq-y2fb-skgq
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-h6gd-uea5-u3bp
7
vulnerability VCID-kkxa-423m-vqbt
8
vulnerability VCID-q148-xawj-bkeu
9
vulnerability VCID-us61-ajgq-5uaa
10
vulnerability VCID-zbyh-ajmd-tybh
11
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6.2
1
url pkg:gem/actionpack@6.0.0.beta1
purl pkg:gem/actionpack@6.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-f5mb-arn4-skau
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-h6gd-uea5-u3bp
7
vulnerability VCID-jyvd-yu2u-rucu
8
vulnerability VCID-q148-xawj-bkeu
9
vulnerability VCID-us61-ajgq-5uaa
10
vulnerability VCID-zbyh-ajmd-tybh
11
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.0.beta1
2
url pkg:gem/actionpack@6.0.4.6
purl pkg:gem/actionpack@6.0.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3k19-3heq-dufq
3
vulnerability VCID-5r3f-m1fv-f7bp
4
vulnerability VCID-6hkq-y2fb-skgq
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-h6gd-uea5-u3bp
7
vulnerability VCID-kkxa-423m-vqbt
8
vulnerability VCID-q148-xawj-bkeu
9
vulnerability VCID-us61-ajgq-5uaa
10
vulnerability VCID-zbyh-ajmd-tybh
11
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.6
3
url pkg:gem/actionpack@6.1.0.rc1
purl pkg:gem/actionpack@6.1.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-f5mb-arn4-skau
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-h6gd-uea5-u3bp
7
vulnerability VCID-q148-xawj-bkeu
8
vulnerability VCID-us61-ajgq-5uaa
9
vulnerability VCID-zbyh-ajmd-tybh
10
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.0.rc1
4
url pkg:gem/actionpack@6.1.4.6
purl pkg:gem/actionpack@6.1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3k19-3heq-dufq
3
vulnerability VCID-5r3f-m1fv-f7bp
4
vulnerability VCID-6hkq-y2fb-skgq
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-h6gd-uea5-u3bp
7
vulnerability VCID-kkxa-423m-vqbt
8
vulnerability VCID-q148-xawj-bkeu
9
vulnerability VCID-us61-ajgq-5uaa
10
vulnerability VCID-zbyh-ajmd-tybh
11
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.4.6
5
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
6
url pkg:gem/actionpack@7.0.2.2
purl pkg:gem/actionpack@7.0.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3k19-3heq-dufq
3
vulnerability VCID-5r3f-m1fv-f7bp
4
vulnerability VCID-6hkq-y2fb-skgq
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-g5uw-9j6g-cyb6
7
vulnerability VCID-h6gd-uea5-u3bp
8
vulnerability VCID-kkxa-423m-vqbt
9
vulnerability VCID-q148-xawj-bkeu
10
vulnerability VCID-us61-ajgq-5uaa
11
vulnerability VCID-zbyh-ajmd-tybh
12
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.2
aliases CVE-2022-23633, GHSA-wh98-p28r-vrc9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3e1p-t61q-xfft
3
url VCID-3k19-3heq-dufq
vulnerability_id VCID-3k19-3heq-dufq
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41128
reference_id
reference_type
scores
0
value 0.00557
scoring_system epss
scoring_elements 0.68744
published_at 2026-06-12T12:55:00Z
1
value 0.00557
scoring_system epss
scoring_elements 0.68757
published_at 2026-06-13T12:55:00Z
2
value 0.00557
scoring_system epss
scoring_elements 0.68652
published_at 2026-06-11T12:55:00Z
3
value 0.00557
scoring_system epss
scoring_elements 0.68753
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41128
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
6
reference_url https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075
reference_id 27121e80f6dbb260f5a9f0452cd8411cb681f075
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075
7
reference_url https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef
reference_id b0fe99fa854ec8ff4498e75779b458392d1560ef
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef
8
reference_url https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891
reference_id b1241f468d1b32235f438c2e2203386e6efd3891
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891
9
reference_url https://access.redhat.com/security/cve/cve-2024-41128
reference_id cve-2024-41128
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://access.redhat.com/security/cve/cve-2024-41128
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41128
reference_id CVE-2024-41128
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41128
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml
reference_id CVE-2024-41128.YML
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml
12
reference_url https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
reference_id fb493bebae1a9b83e494fe7edbf01f6167d606fd
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
13
reference_url https://github.com/advisories/GHSA-x76w-6vjr-8xgj
reference_id GHSA-x76w-6vjr-8xgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x76w-6vjr-8xgj
14
reference_url https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
reference_id GHSA-x76w-6vjr-8xgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319036
reference_id show_bug.cgi?id=2319036
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2319036
16
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:gem/actionpack@6.1.7.9
purl pkg:gem/actionpack@6.1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.8.5
purl pkg:gem/actionpack@7.0.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5
3
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-5r3f-m1fv-f7bp
2
vulnerability VCID-6hkq-y2fb-skgq
3
vulnerability VCID-q148-xawj-bkeu
4
vulnerability VCID-us61-ajgq-5uaa
5
vulnerability VCID-zbyh-ajmd-tybh
6
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
4
url pkg:gem/actionpack@7.1.4.1
purl pkg:gem/actionpack@7.1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1
5
url pkg:gem/actionpack@7.2.0.beta1
purl pkg:gem/actionpack@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-q148-xawj-bkeu
2
vulnerability VCID-us61-ajgq-5uaa
3
vulnerability VCID-zbyh-ajmd-tybh
4
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1
6
url pkg:gem/actionpack@7.2.1.1
purl pkg:gem/actionpack@7.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1
7
url pkg:gem/actionpack@8.0.0.beta1
purl pkg:gem/actionpack@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1
aliases CVE-2024-41128, GHSA-x76w-6vjr-8xgj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3k19-3heq-dufq
4
url VCID-56hv-j97k-w3dr
vulnerability_id VCID-56hv-j97k-w3dr
summary 
Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
reference_id
reference_type
scores
0
value 0.0067
scoring_system epss
scoring_elements 0.71925
published_at 2026-06-14T12:55:00Z
1
value 0.0067
scoring_system epss
scoring_elements 0.71928
published_at 2026-06-13T12:55:00Z
2
value 0.0067
scoring_system epss
scoring_elements 0.71915
published_at 2026-06-12T12:55:00Z
3
value 0.0067
scoring_system epss
scoring_elements 0.7183
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
6
reference_url http://secunia.com/advisories/43274
reference_id
reference_type
scores
url http://secunia.com/advisories/43274
7
reference_url http://secunia.com/advisories/43666
reference_id
reference_type
scores
url http://secunia.com/advisories/43666
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
10
reference_url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
11
reference_url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
12
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
13
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
14
reference_url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
15
reference_url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
16
reference_url http://www.debian.org/security/2011/dsa-2247
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2247
17
reference_url http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46291
18
reference_url http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025064
19
reference_url http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0587
20
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id 614864
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
reference_id CVE-2011-0446
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
25
reference_url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
reference_id GHSA-75w6-p6mg-vh8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
26
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr
5
url VCID-58mv-ca6x-ruh8
vulnerability_id VCID-58mv-ca6x-ruh8
summary 
Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0447
reference_id
reference_type
scores
0
value 0.00991
scoring_system epss
scoring_elements 0.77387
published_at 2026-06-14T12:55:00Z
1
value 0.00991
scoring_system epss
scoring_elements 0.77395
published_at 2026-06-13T12:55:00Z
2
value 0.00991
scoring_system epss
scoring_elements 0.77309
published_at 2026-06-11T12:55:00Z
3
value 0.00991
scoring_system epss
scoring_elements 0.7738
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0447
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447
6
reference_url http://secunia.com/advisories/43274
reference_id
reference_type
scores
url http://secunia.com/advisories/43274
7
reference_url http://secunia.com/advisories/43666
reference_id
reference_type
scores
url http://secunia.com/advisories/43666
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034
10
reference_url https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06
11
reference_url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
12
reference_url https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060
13
reference_url http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
14
reference_url http://www.debian.org/security/2011/dsa-2247
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2247
15
reference_url http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46291
16
reference_url http://www.securitytracker.com/id?1025060
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025060
17
reference_url http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0587
18
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id 614864
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0447
reference_id CVE-2011-0447
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0447
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml
reference_id CVE-2011-0447.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml
22
reference_url https://github.com/advisories/GHSA-24fg-p96v-hxh8
reference_id GHSA-24fg-p96v-hxh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24fg-p96v-hxh8
23
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0447, GHSA-24fg-p96v-hxh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58mv-ca6x-ruh8
6
url VCID-5932-9sn8-jqbf
vulnerability_id VCID-5932-9sn8-jqbf
summary 
Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
reference_id
reference_type
scores
0
value 0.00814
scoring_system epss
scoring_elements 0.74787
published_at 2026-06-12T12:55:00Z
1
value 0.00814
scoring_system epss
scoring_elements 0.748
published_at 2026-06-13T12:55:00Z
2
value 0.00814
scoring_system epss
scoring_elements 0.74715
published_at 2026-06-11T12:55:00Z
3
value 0.00814
scoring_system epss
scoring_elements 0.74796
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731432
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731432
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
7
reference_url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
8
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
9
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
reference_id CVE-2011-2929
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
reference_id CVE-2011-2929.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
17
reference_url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
reference_id GHSA-r7q2-5gqg-6c7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5932-9sn8-jqbf
7
url VCID-5r3f-m1fv-f7bp
vulnerability_id VCID-5r3f-m1fv-f7bp
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26142
reference_id
reference_type
scores
0
value 0.03542
scoring_system epss
scoring_elements 0.87994
published_at 2026-06-14T12:55:00Z
1
value 0.03542
scoring_system epss
scoring_elements 0.87996
published_at 2026-06-13T12:55:00Z
2
value 0.03542
scoring_system epss
scoring_elements 0.87989
published_at 2026-06-12T12:55:00Z
3
value 0.03542
scoring_system epss
scoring_elements 0.87948
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26142
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266324
reference_id 2266324
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266324
5
reference_url https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
reference_id 84946
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
6
reference_url https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
reference_id b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26142
reference_id CVE-2024-26142
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26142
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
reference_id CVE-2024-26142.yml
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
9
reference_url https://github.com/advisories/GHSA-jjhx-jhvp-74wq
reference_id GHSA-jjhx-jhvp-74wq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjhx-jhvp-74wq
10
reference_url https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
reference_id GHSA-jjhx-jhvp-74wq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
11
reference_url https://security.netapp.com/advisory/ntap-20240503-0003/
reference_id ntap-20240503-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://security.netapp.com/advisory/ntap-20240503-0003/
fixed_packages
0
url pkg:gem/actionpack@7.1.3.1
purl pkg:gem/actionpack@7.1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-q148-xawj-bkeu
2
vulnerability VCID-us61-ajgq-5uaa
3
vulnerability VCID-zbyh-ajmd-tybh
4
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1
aliases CVE-2024-26142, GHSA-jjhx-jhvp-74wq
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5r3f-m1fv-f7bp
8
url VCID-6hkq-y2fb-skgq
vulnerability_id VCID-6hkq-y2fb-skgq
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
reference_id
reference_type
scores
0
value 0.02067
scoring_system epss
scoring_elements 0.843
published_at 2026-06-11T12:55:00Z
1
value 0.02067
scoring_system epss
scoring_elements 0.84358
published_at 2026-06-14T12:55:00Z
2
value 0.02067
scoring_system epss
scoring_elements 0.84364
published_at 2026-06-13T12:55:00Z
3
value 0.02067
scoring_system epss
scoring_elements 0.84355
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://security.netapp.com/advisory/ntap-20240510-0004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0004
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
reference_id 2266388
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
6
reference_url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
reference_id 4c83b331092a79d58e4adffe4be5f250fa5782cc
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
7
reference_url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
reference_id 5187a9ef51980ad1b8e81945ebe0462d28f84f9e
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
8
reference_url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
reference_id 84947
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
reference_id CVE-2024-26143
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
reference_id CVE-2024-26143.yml
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
11
reference_url https://github.com/advisories/GHSA-9822-6m93-xqf4
reference_id GHSA-9822-6m93-xqf4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9822-6m93-xqf4
12
reference_url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
reference_id GHSA-9822-6m93-xqf4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
13
reference_url https://security.netapp.com/advisory/ntap-20240510-0004/
reference_id ntap-20240510-0004
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://security.netapp.com/advisory/ntap-20240510-0004/
fixed_packages
0
url pkg:gem/actionpack@7.0.8.1
purl pkg:gem/actionpack@7.0.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-q148-xawj-bkeu
2
vulnerability VCID-us61-ajgq-5uaa
3
vulnerability VCID-zbyh-ajmd-tybh
4
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.1
1
url pkg:gem/actionpack@7.1.3.1
purl pkg:gem/actionpack@7.1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-q148-xawj-bkeu
2
vulnerability VCID-us61-ajgq-5uaa
3
vulnerability VCID-zbyh-ajmd-tybh
4
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1
aliases CVE-2024-26143, GHSA-9822-6m93-xqf4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hkq-y2fb-skgq
9
url VCID-72jm-58dq-mub5
vulnerability_id VCID-72jm-58dq-mub5
summary Action Pack contains database-query restrictions bypass
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36637
published_at 2026-06-11T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36841
published_at 2026-06-13T12:55:00Z
2
value 0.00159
scoring_system epss
scoring_elements 0.36816
published_at 2026-06-12T12:55:00Z
3
value 0.00159
scoring_system epss
scoring_elements 0.3683
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
10
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
12
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
13
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
14
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id 827353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827353
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id CVE-2012-2660
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
19
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
20
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
21
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72jm-58dq-mub5
10
url VCID-bn9m-pqu3-bffj
vulnerability_id VCID-bn9m-pqu3-bffj
summary 
Multiple vulnerabilities have been discovered in Rails, the worst of which
    leading to the execution of arbitrary SQL statements.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3086
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68618
published_at 2026-06-11T12:55:00Z
1
value 0.00556
scoring_system epss
scoring_elements 0.68719
published_at 2026-06-14T12:55:00Z
2
value 0.00556
scoring_system epss
scoring_elements 0.68724
published_at 2026-06-13T12:55:00Z
3
value 0.00556
scoring_system epss
scoring_elements 0.68711
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3086
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
3
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0
6
reference_url https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978
7
reference_url https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686
8
reference_url https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544
9
reference_url https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600
10
reference_url https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427
11
reference_url http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails
12
reference_url http://www.debian.org/security/2011/dsa-2260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2260
13
reference_url http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/37427
14
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id 545063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3086
reference_id CVE-2009-3086
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-3086
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml
reference_id CVE-2009-3086.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml
reference_id CVE-2009-3086.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml
19
reference_url https://github.com/advisories/GHSA-fg9w-g6m4-557j
reference_id GHSA-fg9w-g6m4-557j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fg9w-g6m4-557j
20
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2009-3086, GHSA-fg9w-g6m4-557j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9m-pqu3-bffj
11
url VCID-bqps-e1sm-xkhe
vulnerability_id VCID-bqps-e1sm-xkhe
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.63745
published_at 2026-06-11T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63859
published_at 2026-06-14T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63861
published_at 2026-06-13T12:55:00Z
3
value 0.00443
scoring_system epss
scoring_elements 0.63847
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
reference_id 1843152
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
12
reference_url https://hackerone.com/reports/732415
reference_id 732415
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/
url https://hackerone.com/reports/732415
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
reference_id CVE-2020-8166
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
reference_id CVE-2020-8166.YML
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
15
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id dsa-4766
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/
url https://www.debian.org/security/2020/dsa-4766
16
reference_url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
reference_id GHSA-jp5v-5gx4-jmj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
17
reference_url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
reference_id NOjKiGeXUgw
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/
url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
18
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/actionpack@5.2.4.3
purl pkg:gem/actionpack@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-3e1p-t61q-xfft
4
vulnerability VCID-3k19-3heq-dufq
5
vulnerability VCID-5r3f-m1fv-f7bp
6
vulnerability VCID-6hkq-y2fb-skgq
7
vulnerability VCID-f5mb-arn4-skau
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-h6gd-uea5-u3bp
10
vulnerability VCID-jyvd-yu2u-rucu
11
vulnerability VCID-kkxa-423m-vqbt
12
vulnerability VCID-q148-xawj-bkeu
13
vulnerability VCID-us61-ajgq-5uaa
14
vulnerability VCID-uzrf-6puc-kygc
15
vulnerability VCID-zbyh-ajmd-tybh
16
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3
1
url pkg:gem/actionpack@6.0.3.1
purl pkg:gem/actionpack@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-3e1p-t61q-xfft
4
vulnerability VCID-3k19-3heq-dufq
5
vulnerability VCID-4j57-xdw3-a7em
6
vulnerability VCID-5r3f-m1fv-f7bp
7
vulnerability VCID-6hkq-y2fb-skgq
8
vulnerability VCID-f5mb-arn4-skau
9
vulnerability VCID-fhjg-crvh-myhd
10
vulnerability VCID-fnx8-28wd-qqgx
11
vulnerability VCID-h6gd-uea5-u3bp
12
vulnerability VCID-jyvd-yu2u-rucu
13
vulnerability VCID-kkxa-423m-vqbt
14
vulnerability VCID-m1pe-q2r4-zfap
15
vulnerability VCID-mepe-vuu9-g3gd
16
vulnerability VCID-q148-xawj-bkeu
17
vulnerability VCID-tnty-pw45-4ug3
18
vulnerability VCID-us61-ajgq-5uaa
19
vulnerability VCID-uzrf-6puc-kygc
20
vulnerability VCID-zbyh-ajmd-tybh
21
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1
aliases CVE-2020-8166, GHSA-jp5v-5gx4-jmj9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqps-e1sm-xkhe
12
url VCID-cab4-yeek-cfcw
vulnerability_id VCID-cab4-yeek-cfcw
summary 
Multiple vulnerabilities have been discovered in Rails, the worst of which
    leading to the execution of arbitrary SQL statements.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
1
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
2
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
reference_id
reference_type
scores
0
value 0.11409
scoring_system epss
scoring_elements 0.93763
published_at 2026-06-14T12:55:00Z
1
value 0.11409
scoring_system epss
scoring_elements 0.93762
published_at 2026-06-13T12:55:00Z
2
value 0.11409
scoring_system epss
scoring_elements 0.93758
published_at 2026-06-12T12:55:00Z
3
value 0.11409
scoring_system epss
scoring_elements 0.93738
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=544329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=544329
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
7
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
10
reference_url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
11
reference_url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
12
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
13
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
14
reference_url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
15
reference_url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
16
reference_url https://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/11/28/1
17
reference_url https://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/12/02/2
18
reference_url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
19
reference_url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
20
reference_url http://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/11/28/1
21
reference_url http://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/12/02/2
22
reference_url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
23
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id 558685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
25
reference_url https://access.redhat.com/security/cve/CVE-2008-7248
reference_id CVE-2008-7248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2008-7248
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
reference_id CVE-2008-7248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
27
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
28
reference_url https://www.securityfocus.com/bid/37322/info
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://www.securityfocus.com/bid/37322/info
29
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
reference_id CVE-2008-7248.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
30
reference_url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
reference_id GHSA-8fqx-7pv4-3jwm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
31
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cab4-yeek-cfcw
13
url VCID-en5b-axpg-eud2
vulnerability_id VCID-en5b-axpg-eud2
summary Cross-site Scripting vulnerability in i18n translations helper method
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
1
reference_url http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
2
reference_url http://openwall.com/lists/oss-security/2011/11/18/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/11/18/8
3
reference_url http://osvdb.org/77199
reference_id
reference_type
scores
url http://osvdb.org/77199
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4319
reference_id
reference_type
scores
0
value 0.00607
scoring_system epss
scoring_elements 0.70274
published_at 2026-06-14T12:55:00Z
1
value 0.00607
scoring_system epss
scoring_elements 0.70277
published_at 2026-06-13T12:55:00Z
2
value 0.00607
scoring_system epss
scoring_elements 0.70263
published_at 2026-06-12T12:55:00Z
3
value 0.00607
scoring_system epss
scoring_elements 0.70173
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4319
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
9
reference_url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
10
reference_url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
13
reference_url https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
14
reference_url https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
15
reference_url http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
16
reference_url http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
17
reference_url http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/50722
18
reference_url http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1026342
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=755004
reference_id 755004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=755004
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4319
reference_id CVE-2011-4319
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4319
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
reference_id CVE-2011-4319.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
22
reference_url https://github.com/advisories/GHSA-xxr8-833v-c7wc
reference_id GHSA-xxr8-833v-c7wc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxr8-833v-c7wc
fixed_packages
aliases CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-en5b-axpg-eud2
14
url VCID-f5mb-arn4-skau
vulnerability_id VCID-f5mb-arn4-skau
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22903
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26741
published_at 2026-06-14T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26541
published_at 2026-06-11T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26757
published_at 2026-06-13T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26743
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22903
2
reference_url https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml
6
reference_url https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0
7
reference_url https://hackerone.com/reports/1148025
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1148025
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22903
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22903
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957438
reference_id 1957438
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957438
10
reference_url https://security.archlinux.org/AVG-1919
reference_id AVG-1919
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1919
11
reference_url https://github.com/advisories/GHSA-5hq2-xf89-9jxq
reference_id GHSA-5hq2-xf89-9jxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hq2-xf89-9jxq
fixed_packages
0
url pkg:gem/actionpack@6.1.3.2
purl pkg:gem/actionpack@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-3k19-3heq-dufq
4
vulnerability VCID-4j57-xdw3-a7em
5
vulnerability VCID-5r3f-m1fv-f7bp
6
vulnerability VCID-6hkq-y2fb-skgq
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-h6gd-uea5-u3bp
9
vulnerability VCID-kkxa-423m-vqbt
10
vulnerability VCID-q148-xawj-bkeu
11
vulnerability VCID-tnty-pw45-4ug3
12
vulnerability VCID-us61-ajgq-5uaa
13
vulnerability VCID-zbyh-ajmd-tybh
14
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2
aliases CVE-2021-22903, GHSA-5hq2-xf89-9jxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5mb-arn4-skau
15
url VCID-fnx8-28wd-qqgx
vulnerability_id VCID-fnx8-28wd-qqgx
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.80176
published_at 2026-06-11T12:55:00Z
1
value 0.01304
scoring_system epss
scoring_elements 0.80246
published_at 2026-06-14T12:55:00Z
2
value 0.01304
scoring_system epss
scoring_elements 0.80254
published_at 2026-06-13T12:55:00Z
3
value 0.01304
scoring_system epss
scoring_elements 0.80238
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
16
reference_url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
17
reference_url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
18
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
19
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
22
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id 2164799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
25
reference_url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
reference_id GHSA-8xww-x3g3-6jcv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/actionpack@5.2.8
purl pkg:gem/actionpack@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8
1
url pkg:gem/actionpack@6.1.7.1
purl pkg:gem/actionpack@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1
2
url pkg:gem/actionpack@7.0.4.1
purl pkg:gem/actionpack@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1
aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx
16
url VCID-h6gd-uea5-u3bp
vulnerability_id VCID-h6gd-uea5-u3bp
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28362
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43064
published_at 2026-06-11T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43231
published_at 2026-06-14T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.4324
published_at 2026-06-13T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43222
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28362
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28362
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28362
8
reference_url https://security.netapp.com/advisory/ntap-20250502-0009
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250502-0009
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
reference_id 1051058
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
10
reference_url https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
reference_id 1c3f93d1e90a3475f9ae2377ead25ccf11f71441
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2217785
reference_id 2217785
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2217785
12
reference_url https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
reference_id 69e37c84e3f77d75566424c7d0015172d6a6fac5
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
13
reference_url https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
reference_id 83132
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements
1
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
14
reference_url https://github.com/advisories/GHSA-4g8v-vg43-wpgf
reference_id GHSA-4g8v-vg43-wpgf
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/advisories/GHSA-4g8v-vg43-wpgf
15
reference_url https://access.redhat.com/errata/RHSA-2023:7851
reference_id RHSA-2023:7851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7851
fixed_packages
0
url pkg:gem/actionpack@6.1.7.4
purl pkg:gem/actionpack@6.1.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-5r3f-m1fv-f7bp
2
vulnerability VCID-6hkq-y2fb-skgq
3
vulnerability VCID-q148-xawj-bkeu
4
vulnerability VCID-us61-ajgq-5uaa
5
vulnerability VCID-zbyh-ajmd-tybh
6
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4
1
url pkg:gem/actionpack@7.0.5.1
purl pkg:gem/actionpack@7.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-5r3f-m1fv-f7bp
2
vulnerability VCID-6hkq-y2fb-skgq
3
vulnerability VCID-q148-xawj-bkeu
4
vulnerability VCID-us61-ajgq-5uaa
5
vulnerability VCID-zbyh-ajmd-tybh
6
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1
aliases CVE-2023-28362, GHSA-4g8v-vg43-wpgf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gd-uea5-u3bp
17
url VCID-j53k-283t-ebcw
vulnerability_id VCID-j53k-283t-ebcw
summary actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44929
published_at 2026-06-13T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44764
published_at 2026-06-11T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44916
published_at 2026-06-14T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.44914
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
10
reference_url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
11
reference_url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
12
reference_url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id 831581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831581
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
reference_id CVE-2012-2694
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
reference_id CVE-2012-2694.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
16
reference_url https://github.com/advisories/GHSA-q34c-48gc-m9g8
reference_id GHSA-q34c-48gc-m9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q34c-48gc-m9g8
17
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
18
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2694, GHSA-q34c-48gc-m9g8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j53k-283t-ebcw
18
url VCID-jyvd-yu2u-rucu
vulnerability_id VCID-jyvd-yu2u-rucu
summary Untrusted users can run pending migrations in production in Rails
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
reference_id
reference_type
scores
0
value 0.00679
scoring_system epss
scoring_elements 0.72131
published_at 2026-06-12T12:55:00Z
1
value 0.00679
scoring_system epss
scoring_elements 0.72046
published_at 2026-06-11T12:55:00Z
2
value 0.00679
scoring_system epss
scoring_elements 0.72138
published_at 2026-06-14T12:55:00Z
3
value 0.00679
scoring_system epss
scoring_elements 0.72143
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
2
reference_url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
3
reference_url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
4
reference_url https://hackerone.com/reports/899069
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/899069
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
reference_id 1852380
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
reference_id 964081
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
reference_id CVE-2020-8185
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
reference_id CVE-2020-8185.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
11
reference_url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
reference_id GHSA-c6qr-h5vq-59jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
12
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/actionpack@6.0.3.2
purl pkg:gem/actionpack@6.0.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-3e1p-t61q-xfft
4
vulnerability VCID-3k19-3heq-dufq
5
vulnerability VCID-4j57-xdw3-a7em
6
vulnerability VCID-5r3f-m1fv-f7bp
7
vulnerability VCID-6hkq-y2fb-skgq
8
vulnerability VCID-f5mb-arn4-skau
9
vulnerability VCID-fhjg-crvh-myhd
10
vulnerability VCID-fnx8-28wd-qqgx
11
vulnerability VCID-h6gd-uea5-u3bp
12
vulnerability VCID-kkxa-423m-vqbt
13
vulnerability VCID-m1pe-q2r4-zfap
14
vulnerability VCID-mepe-vuu9-g3gd
15
vulnerability VCID-q148-xawj-bkeu
16
vulnerability VCID-tnty-pw45-4ug3
17
vulnerability VCID-us61-ajgq-5uaa
18
vulnerability VCID-uzrf-6puc-kygc
19
vulnerability VCID-zbyh-ajmd-tybh
20
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2
aliases CVE-2020-8185, GHSA-c6qr-h5vq-59jc
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyvd-yu2u-rucu
19
url VCID-kkxa-423m-vqbt
vulnerability_id VCID-kkxa-423m-vqbt
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27777
reference_id
reference_type
scores
0
value 0.00852
scoring_system epss
scoring_elements 0.75423
published_at 2026-06-12T12:55:00Z
1
value 0.00852
scoring_system epss
scoring_elements 0.75432
published_at 2026-06-14T12:55:00Z
2
value 0.00852
scoring_system epss
scoring_elements 0.75352
published_at 2026-06-11T12:55:00Z
3
value 0.00852
scoring_system epss
scoring_elements 0.75437
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27777
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
16
reference_url https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
17
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
18
reference_url https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
reference_id 1016982
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2080296
reference_id 2080296
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2080296
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27777
reference_id CVE-2022-27777
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27777
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml
reference_id CVE-2022-27777.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml
23
reference_url https://github.com/advisories/GHSA-ch3h-j2vf-95pv
reference_id GHSA-ch3h-j2vf-95pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ch3h-j2vf-95pv
24
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:gem/actionpack@5.2.7.1
purl pkg:gem/actionpack@5.2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1
1
url pkg:gem/actionpack@6.0.4.8
purl pkg:gem/actionpack@6.0.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8
2
url pkg:gem/actionpack@6.1.5.1
purl pkg:gem/actionpack@6.1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1
3
url pkg:gem/actionpack@7.0.2.4
purl pkg:gem/actionpack@7.0.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-g5uw-9j6g-cyb6
6
vulnerability VCID-h6gd-uea5-u3bp
7
vulnerability VCID-q148-xawj-bkeu
8
vulnerability VCID-us61-ajgq-5uaa
9
vulnerability VCID-zbyh-ajmd-tybh
10
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4
aliases CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkxa-423m-vqbt
20
url VCID-kqsm-qvtq-4kc6
vulnerability_id VCID-kqsm-qvtq-4kc6
summary
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
reference_id
reference_type
scores
0
value 0.07389
scoring_system epss
scoring_elements 0.91945
published_at 2026-06-14T12:55:00Z
1
value 0.07389
scoring_system epss
scoring_elements 0.91948
published_at 2026-06-13T12:55:00Z
2
value 0.07389
scoring_system epss
scoring_elements 0.9194
published_at 2026-06-12T12:55:00Z
3
value 0.07389
scoring_system epss
scoring_elements 0.91913
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
14
reference_url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
15
reference_url https://hackerone.com/reports/292797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/292797
16
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
17
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
reference_id 1842634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
reference_id CVE-2020-8164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
reference_id CVE-2020-8164.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
21
reference_url https://github.com/advisories/GHSA-8727-m6gj-mc37
reference_id GHSA-8727-m6gj-mc37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8727-m6gj-mc37
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/actionpack@5.2.4.3
purl pkg:gem/actionpack@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-3e1p-t61q-xfft
4
vulnerability VCID-3k19-3heq-dufq
5
vulnerability VCID-5r3f-m1fv-f7bp
6
vulnerability VCID-6hkq-y2fb-skgq
7
vulnerability VCID-f5mb-arn4-skau
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-h6gd-uea5-u3bp
10
vulnerability VCID-jyvd-yu2u-rucu
11
vulnerability VCID-kkxa-423m-vqbt
12
vulnerability VCID-q148-xawj-bkeu
13
vulnerability VCID-us61-ajgq-5uaa
14
vulnerability VCID-uzrf-6puc-kygc
15
vulnerability VCID-zbyh-ajmd-tybh
16
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3
1
url pkg:gem/actionpack@6.0.3.1
purl pkg:gem/actionpack@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-171r-59fd-2bbj
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-3e1p-t61q-xfft
4
vulnerability VCID-3k19-3heq-dufq
5
vulnerability VCID-4j57-xdw3-a7em
6
vulnerability VCID-5r3f-m1fv-f7bp
7
vulnerability VCID-6hkq-y2fb-skgq
8
vulnerability VCID-f5mb-arn4-skau
9
vulnerability VCID-fhjg-crvh-myhd
10
vulnerability VCID-fnx8-28wd-qqgx
11
vulnerability VCID-h6gd-uea5-u3bp
12
vulnerability VCID-jyvd-yu2u-rucu
13
vulnerability VCID-kkxa-423m-vqbt
14
vulnerability VCID-m1pe-q2r4-zfap
15
vulnerability VCID-mepe-vuu9-g3gd
16
vulnerability VCID-q148-xawj-bkeu
17
vulnerability VCID-tnty-pw45-4ug3
18
vulnerability VCID-us61-ajgq-5uaa
19
vulnerability VCID-uzrf-6puc-kygc
20
vulnerability VCID-zbyh-ajmd-tybh
21
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1
aliases CVE-2020-8164, GHSA-8727-m6gj-mc37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6
21
url VCID-ndgd-kzmk-7fab
vulnerability_id VCID-ndgd-kzmk-7fab
summary 
Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2931
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.74781
published_at 2026-06-13T12:55:00Z
1
value 0.00813
scoring_system epss
scoring_elements 0.74698
published_at 2026-06-11T12:55:00Z
2
value 0.00813
scoring_system epss
scoring_elements 0.74779
published_at 2026-06-14T12:55:00Z
3
value 0.00813
scoring_system epss
scoring_elements 0.74769
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2931
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731436
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731436
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
7
reference_url http://secunia.com/advisories/45921
reference_id
reference_type
scores
url http://secunia.com/advisories/45921
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
10
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
11
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
16
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
17
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2931
reference_id CVE-2011-2931
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2931
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml
reference_id CVE-2011-2931.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml
20
reference_url https://github.com/advisories/GHSA-v5jg-558j-q67c
reference_id GHSA-v5jg-558j-q67c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v5jg-558j-q67c
21
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-2931, GHSA-v5jg-558j-q67c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgd-kzmk-7fab
22
url VCID-q148-xawj-bkeu
vulnerability_id VCID-q148-xawj-bkeu
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28103
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.75028
published_at 2026-06-11T12:55:00Z
1
value 0.00832
scoring_system epss
scoring_elements 0.75109
published_at 2026-06-14T12:55:00Z
2
value 0.00832
scoring_system epss
scoring_elements 0.75112
published_at 2026-06-13T12:55:00Z
3
value 0.00832
scoring_system epss
scoring_elements 0.75099
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28103
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://security.netapp.com/advisory/ntap-20241206-0002
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0002
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
reference_id 1072705
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2290530
reference_id 2290530
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2290530
7
reference_url https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
reference_id 35858f1d9d57f6c4050a8d9ab754bd5d088b4523
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/
url https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28103
reference_id CVE-2024-28103
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28103
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
reference_id CVE-2024-28103.YML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
10
reference_url https://github.com/advisories/GHSA-fwhr-88qx-h9g7
reference_id GHSA-fwhr-88qx-h9g7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhr-88qx-h9g7
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
reference_id GHSA-fwhr-88qx-h9g7
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/
url https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
fixed_packages
0
url pkg:gem/actionpack@6.1.7.8
purl pkg:gem/actionpack@6.1.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.8
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.8.4
purl pkg:gem/actionpack@7.0.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.4
3
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-5r3f-m1fv-f7bp
2
vulnerability VCID-6hkq-y2fb-skgq
3
vulnerability VCID-q148-xawj-bkeu
4
vulnerability VCID-us61-ajgq-5uaa
5
vulnerability VCID-zbyh-ajmd-tybh
6
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
4
url pkg:gem/actionpack@7.1.3.4
purl pkg:gem/actionpack@7.1.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.4
5
url pkg:gem/actionpack@7.2.0.beta2
purl pkg:gem/actionpack@7.2.0.beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta2
aliases CVE-2024-28103, GHSA-fwhr-88qx-h9g7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q148-xawj-bkeu
23
url VCID-ryyh-3t4j-hygv
vulnerability_id VCID-ryyh-3t4j-hygv
summary 
Multiple vulnerabilities have been discovered in Rails, the worst of which
    leading to the execution of arbitrary SQL statements.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
1
reference_url http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
2
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3009
reference_id
reference_type
scores
0
value 0.01632
scoring_system epss
scoring_elements 0.82383
published_at 2026-06-14T12:55:00Z
1
value 0.01632
scoring_system epss
scoring_elements 0.82389
published_at 2026-06-13T12:55:00Z
2
value 0.01632
scoring_system epss
scoring_elements 0.82379
published_at 2026-06-12T12:55:00Z
3
value 0.01632
scoring_system epss
scoring_elements 0.82318
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3009
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
7
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36600
8
reference_url http://secunia.com/advisories/36717
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36717
9
reference_url http://securitytracker.com/id?1022824
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1022824
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
11
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
12
reference_url http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
13
reference_url http://www.debian.org/security/2009/dsa-1887
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2009/dsa-1887
14
reference_url http://www.osvdb.org/57666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.osvdb.org/57666
15
reference_url http://www.securityfocus.com/bid/36278
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/36278
16
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/2544
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=520843
reference_id 520843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=520843
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id 545063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3009
reference_id CVE-2009-3009
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-3009
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml
reference_id CVE-2009-3009.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml
21
reference_url https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
reference_id GHSA-8qrh-h9m2-5fvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
22
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ryyh-3t4j-hygv
24
url VCID-sx3a-wftd-rufh
vulnerability_id VCID-sx3a-wftd-rufh
summary 
Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0449
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68574
published_at 2026-06-11T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68673
published_at 2026-06-14T12:55:00Z
2
value 0.00555
scoring_system epss
scoring_elements 0.68678
published_at 2026-06-13T12:55:00Z
3
value 0.00555
scoring_system epss
scoring_elements 0.68664
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0449
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025061
reference_id
reference_type
scores
url http://securitytracker.com/id?1025061
5
reference_url https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
6
reference_url https://github.com/rails/rails/tree/main/actionpack
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/actionpack
7
reference_url https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
8
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
9
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0449
reference_id CVE-2011-0449
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0449
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
reference_id CVE-2011-0449.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
12
reference_url https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
reference_id GHSA-4ww3-3rxj-8v6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
13
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0449, GHSA-4ww3-3rxj-8v6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx3a-wftd-rufh
25
url VCID-us61-ajgq-5uaa
vulnerability_id VCID-us61-ajgq-5uaa
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33167
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.0629
published_at 2026-06-11T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.0628
published_at 2026-06-14T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06299
published_at 2026-06-13T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.0631
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33167
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33167
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33167
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450552
reference_id 2450552
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450552
7
reference_url https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0
reference_id 6752711c8c31d79ba50d13af6a6698a3b85415e0
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0
8
reference_url https://github.com/advisories/GHSA-pgm4-439c-5jp6
reference_id GHSA-pgm4-439c-5jp6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pgm4-439c-5jp6
9
reference_url https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6
reference_id GHSA-pgm4-439c-5jp6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6
10
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id v8.1.2.1
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
fixed_packages
0
url pkg:gem/actionpack@8.1.2.1
purl pkg:gem/actionpack@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1
aliases CVE-2026-33167, GHSA-pgm4-439c-5jp6
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-us61-ajgq-5uaa
26
url VCID-y17b-pzkn-j3c4
vulnerability_id VCID-y17b-pzkn-j3c4
summary rails Cross-site Scripting vulnerability
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
3
reference_url http://openwall.com/lists/oss-security/2011/06/09/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/09/2
4
reference_url http://openwall.com/lists/oss-security/2011/06/13/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/13/9
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63821
published_at 2026-06-14T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63707
published_at 2026-06-11T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.63809
published_at 2026-06-12T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63822
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
6
reference_url http://secunia.com/advisories/44789
reference_id
reference_type
scores
url http://secunia.com/advisories/44789
7
reference_url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
10
reference_url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
11
reference_url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
reference_id CVE-2011-2197
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
reference_id CVE-2011-2197.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
14
reference_url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
reference_id GHSA-v9v4-7jp6-8c73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
fixed_packages
aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y17b-pzkn-j3c4
27
url VCID-zbyh-ajmd-tybh
vulnerability_id VCID-zbyh-ajmd-tybh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47887
reference_id
reference_type
scores
0
value 0.00273
scoring_system epss
scoring_elements 0.50971
published_at 2026-06-11T12:55:00Z
1
value 0.00273
scoring_system epss
scoring_elements 0.51105
published_at 2026-06-14T12:55:00Z
2
value 0.00273
scoring_system epss
scoring_elements 0.51117
published_at 2026-06-13T12:55:00Z
3
value 0.00273
scoring_system epss
scoring_elements 0.51102
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319034
reference_id 2319034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319034
7
reference_url https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
reference_id 56b2fc3302836405b496e196a8d5fc0195e55049
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
8
reference_url https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
reference_id 7c1398854d51f9bb193fb79f226647351133d08a
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
9
reference_url https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
reference_id 8e057db25bff1dc7a98e9ae72e0083825b9ac545
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47887
reference_id CVE-2024-47887
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47887
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
reference_id CVE-2024-47887.YML
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
12
reference_url https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
reference_id f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
13
reference_url https://github.com/advisories/GHSA-vfg9-r3fq-jvx4
reference_id GHSA-vfg9-r3fq-jvx4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfg9-r3fq-jvx4
14
reference_url https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
reference_id GHSA-vfg9-r3fq-jvx4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:gem/actionpack@6.1.7.9
purl pkg:gem/actionpack@6.1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3k19-3heq-dufq
2
vulnerability VCID-5r3f-m1fv-f7bp
3
vulnerability VCID-6hkq-y2fb-skgq
4
vulnerability VCID-fnx8-28wd-qqgx
5
vulnerability VCID-h6gd-uea5-u3bp
6
vulnerability VCID-q148-xawj-bkeu
7
vulnerability VCID-us61-ajgq-5uaa
8
vulnerability VCID-zbyh-ajmd-tybh
9
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.8.5
purl pkg:gem/actionpack@7.0.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5
3
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-5r3f-m1fv-f7bp
2
vulnerability VCID-6hkq-y2fb-skgq
3
vulnerability VCID-q148-xawj-bkeu
4
vulnerability VCID-us61-ajgq-5uaa
5
vulnerability VCID-zbyh-ajmd-tybh
6
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
4
url pkg:gem/actionpack@7.1.4.1
purl pkg:gem/actionpack@7.1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1
5
url pkg:gem/actionpack@7.2.0.beta1
purl pkg:gem/actionpack@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-q148-xawj-bkeu
2
vulnerability VCID-us61-ajgq-5uaa
3
vulnerability VCID-zbyh-ajmd-tybh
4
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1
6
url pkg:gem/actionpack@7.2.1.1
purl pkg:gem/actionpack@7.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
1
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1
7
url pkg:gem/actionpack@8.0.0.beta1
purl pkg:gem/actionpack@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1
aliases CVE-2024-47887, GHSA-vfg9-r3fq-jvx4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbyh-ajmd-tybh
28
url VCID-ztpa-6u8j-zbbp
vulnerability_id VCID-ztpa-6u8j-zbbp
summary actionpack Improper Input Validation vulnerability
references
0
reference_url http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
reference_id
reference_type
scores
url http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3187
reference_id
reference_type
scores
0
value 0.08484
scoring_system epss
scoring_elements 0.92547
published_at 2026-06-11T12:55:00Z
1
value 0.08484
scoring_system epss
scoring_elements 0.92576
published_at 2026-06-14T12:55:00Z
2
value 0.08484
scoring_system epss
scoring_elements 0.92575
published_at 2026-06-13T12:55:00Z
3
value 0.08484
scoring_system epss
scoring_elements 0.92572
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3187
2
reference_url https://bugzilla.novell.com/show_bug.cgi?id=673010
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.novell.com/show_bug.cgi?id=673010
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
6
reference_url http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
7
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
8
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
9
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3187
reference_id CVE-2011-3187
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3187
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb
reference_id CVE-2011-3187;OSVDB-73733
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb
15
reference_url https://www.securityfocus.com/bid/46423/info
reference_id CVE-2011-3187;OSVDB-73733
reference_type exploit
scores
url https://www.securityfocus.com/bid/46423/info
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml
reference_id CVE-2011-3187.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml
17
reference_url https://github.com/advisories/GHSA-3vfw-7rcp-3xgm
reference_id GHSA-3vfw-7rcp-3xgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vfw-7rcp-3xgm
fixed_packages
aliases CVE-2011-3187, GHSA-3vfw-7rcp-3xgm
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztpa-6u8j-zbbp
29
url VCID-zxy2-w4m6-tucw
vulnerability_id VCID-zxy2-w4m6-tucw
summary Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54133
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40917
published_at 2026-06-14T12:55:00Z
1
value 0.0019
scoring_system epss
scoring_elements 0.4093
published_at 2026-06-13T12:55:00Z
2
value 0.0019
scoring_system epss
scoring_elements 0.40739
published_at 2026-06-11T12:55:00Z
3
value 0.0019
scoring_system epss
scoring_elements 0.40906
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54133
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54133
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54133
6
reference_url https://security.netapp.com/advisory/ntap-20250306-0010
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250306-0010
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
reference_id 1089755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331619
reference_id 2331619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331619
9
reference_url https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49
reference_id 2e3f41e4538b9ca1044357f6644f037bbb7c6c49
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49
10
reference_url https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a
reference_id 3da2479cfe1e00177114b17e496213c40d286b3a
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a
11
reference_url https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542
reference_id 5558e72f22fc69c1c407b31ac5fb3b4ce087b542
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542
12
reference_url https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d
reference_id cb16a3bb515b5d769f73926d9757270ace691f1d
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d
13
reference_url https://github.com/advisories/GHSA-vfm5-rmrh-j26v
reference_id GHSA-vfm5-rmrh-j26v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfm5-rmrh-j26v
14
reference_url https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
reference_id GHSA-vfm5-rmrh-j26v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
fixed_packages
0
url pkg:gem/actionpack@7.0.8.7
purl pkg:gem/actionpack@7.0.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.7
1
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-5r3f-m1fv-f7bp
2
vulnerability VCID-6hkq-y2fb-skgq
3
vulnerability VCID-q148-xawj-bkeu
4
vulnerability VCID-us61-ajgq-5uaa
5
vulnerability VCID-zbyh-ajmd-tybh
6
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
2
url pkg:gem/actionpack@7.1.5.1
purl pkg:gem/actionpack@7.1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1
3
url pkg:gem/actionpack@7.2.0.beta1
purl pkg:gem/actionpack@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-q148-xawj-bkeu
2
vulnerability VCID-us61-ajgq-5uaa
3
vulnerability VCID-zbyh-ajmd-tybh
4
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1
4
url pkg:gem/actionpack@7.2.2.1
purl pkg:gem/actionpack@7.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1
5
url pkg:gem/actionpack@8.0.0.beta1
purl pkg:gem/actionpack@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3k19-3heq-dufq
1
vulnerability VCID-us61-ajgq-5uaa
2
vulnerability VCID-zbyh-ajmd-tybh
3
vulnerability VCID-zxy2-w4m6-tucw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1
6
url pkg:gem/actionpack@8.0.0.1
purl pkg:gem/actionpack@8.0.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-us61-ajgq-5uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1
aliases CVE-2024-54133, GHSA-vfm5-rmrh-j26v
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxy2-w4m6-tucw
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.1.3.rc2