Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@3.0.17
Type gem
Namespace
Name actionpack
Version 3.0.17
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.1.2.1
Latest_non_vulnerable_version 8.1.2.1
Affected_by_vulnerabilities
0
url VCID-1161-4sdr-fkc3
vulnerability_id VCID-1161-4sdr-fkc3
summary
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7818
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44675
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7818
3
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
4
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1161499
reference_id 1161499
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1161499
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id 770934
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7818
reference_id CVE-2014-7818
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7818
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml
reference_id CVE-2014-7818.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml
9
reference_url https://puppet.com/security/cve/cve-2014-7829
reference_id CVE-2014-7829
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2014-7829
10
reference_url https://github.com/advisories/GHSA-29gr-w57f-rpfw
reference_id GHSA-29gr-w57f-rpfw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-29gr-w57f-rpfw
fixed_packages
0
url pkg:gem/actionpack@3.2.20
purl pkg:gem/actionpack@3.2.20
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20
1
url pkg:gem/actionpack@4.0.11
purl pkg:gem/actionpack@4.0.11
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11
2
url pkg:gem/actionpack@4.1.0.beta1
purl pkg:gem/actionpack@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1
3
url pkg:gem/actionpack@4.1.7
purl pkg:gem/actionpack@4.1.7
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7
4
url pkg:gem/actionpack@4.2.0.beta1
purl pkg:gem/actionpack@4.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1
5
url pkg:gem/actionpack@4.2.0.beta3
purl pkg:gem/actionpack@4.2.0.beta3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3
aliases CVE-2014-7818, GHSA-29gr-w57f-rpfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1161-4sdr-fkc3
1
url VCID-14eh-tn37-bfhu
vulnerability_id VCID-14eh-tn37-bfhu
summary
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2014-0469.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0469.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6417
reference_id
reference_type
scores
0
value 0.00512
scoring_system epss
scoring_elements 0.66801
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6417
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
14
reference_url http://seclists.org/oss-sec/2013/q4/403
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/403
15
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
16
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ
17
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4
18
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
19
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
20
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036409
reference_id 1036409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036409
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6417
reference_id CVE-2013-6417
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6417
23
reference_url https://puppet.com/security/cve/cve-2013-6417
reference_id CVE-2013-6417
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-6417
24
reference_url https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417
reference_id CVE-2013-6417
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml
reference_id CVE-2013-6417.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml
26
reference_url https://github.com/advisories/GHSA-wpw7-wxjm-cw8r
reference_id GHSA-wpw7-wxjm-cw8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpw7-wxjm-cw8r
27
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
28
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
29
reference_url https://access.redhat.com/errata/RHSA-2014:0469
reference_id RHSA-2014:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0469
fixed_packages
0
url pkg:gem/actionpack@3.2.16
purl pkg:gem/actionpack@3.2.16
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16
1
url pkg:gem/actionpack@4.0.2
purl pkg:gem/actionpack@4.0.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2
aliases CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14eh-tn37-bfhu
2
url VCID-1bxj-7h5q-jbdz
vulnerability_id VCID-1bxj-7h5q-jbdz
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
reference_id
reference_type
scores
0
value 0.03338
scoring_system epss
scoring_elements 0.87509
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/releases/tag/v5.2.4.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.4.6
9
reference_url https://github.com/rails/rails/releases/tag/v5.2.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.6
10
reference_url https://github.com/rails/rails/releases/tag/v6.0.3.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.0.3.7
11
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
13
reference_url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
14
reference_url https://hackerone.com/reports/1101125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1101125
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
17
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
reference_id 1961379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
20
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
21
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
22
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
23
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
24
reference_url https://github.com/advisories/GHSA-7wjx-3g7j-8584
reference_id GHSA-7wjx-3g7j-8584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7wjx-3g7j-8584
25
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/actionpack@5.2.4.6
purl pkg:gem/actionpack@5.2.4.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.6
1
url pkg:gem/actionpack@5.2.6
purl pkg:gem/actionpack@5.2.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6
2
url pkg:gem/actionpack@6.0.3.7
purl pkg:gem/actionpack@6.0.3.7
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.7
3
url pkg:gem/actionpack@6.1.3.2
purl pkg:gem/actionpack@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1f8y-2bmg-qufg
1
vulnerability VCID-43zc-ndt3-xfc5
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-9w4d-2z52-wyaf
4
vulnerability VCID-eecu-e2ds-jbdc
5
vulnerability VCID-f22x-hsz9-kfau
6
vulnerability VCID-fnkq-8eys-gygm
7
vulnerability VCID-n2ap-zgrd-skhf
8
vulnerability VCID-nvse-2qzf-n7ba
9
vulnerability VCID-semx-3823-f7f6
10
vulnerability VCID-x6wm-6c84-2qdw
11
vulnerability VCID-xhqj-617q-f7fb
12
vulnerability VCID-yp5x-mgfj-xbbf
13
vulnerability VCID-ypmv-73g2-gfex
14
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2
aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxj-7h5q-jbdz
3
url VCID-26je-urbt-8kee
vulnerability_id VCID-26je-urbt-8kee
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
1
reference_url http://openwall.com/lists/oss-security/2014/02/18/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/02/18/8
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0215.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0215.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0306.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0306.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0081
reference_id
reference_type
scores
0
value 0.00885
scoring_system epss
scoring_elements 0.75774
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0081
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
12
reference_url https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
13
reference_url https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
14
reference_url https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065520
reference_id 1065520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1065520
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0081
reference_id CVE-2014-0081
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0081
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
reference_id CVE-2014-0081.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
reference_id CVE-2014-0081.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
19
reference_url https://github.com/advisories/GHSA-m46p-ggm5-5j83
reference_id GHSA-m46p-ggm5-5j83
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m46p-ggm5-5j83
20
reference_url https://access.redhat.com/errata/RHSA-2014:0215
reference_id RHSA-2014:0215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0215
21
reference_url https://access.redhat.com/errata/RHSA-2014:0306
reference_id RHSA-2014:0306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0306
fixed_packages
0
url pkg:gem/actionpack@3.2.17
purl pkg:gem/actionpack@3.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j52w-azvw-1ycn
17
vulnerability VCID-j585-zz5s-nqd5
18
vulnerability VCID-jnrw-sue5-zqex
19
vulnerability VCID-kyj5-b8wz-pkgj
20
vulnerability VCID-m8rg-xa7x-6yan
21
vulnerability VCID-mrwn-mkcp-j7dv
22
vulnerability VCID-n2ap-zgrd-skhf
23
vulnerability VCID-r7ur-pzac-7bbk
24
vulnerability VCID-sd3k-af7j-h7h4
25
vulnerability VCID-semx-3823-f7f6
26
vulnerability VCID-sevc-c95q-tyg8
27
vulnerability VCID-t1ep-g6cz-7kgr
28
vulnerability VCID-tc9x-h24m-9ufe
29
vulnerability VCID-vm51-p4w4-n3du
30
vulnerability VCID-wyvv-ks5y-fkex
31
vulnerability VCID-x6wm-6c84-2qdw
32
vulnerability VCID-xhqj-617q-f7fb
33
vulnerability VCID-yp5x-mgfj-xbbf
34
vulnerability VCID-ypmv-73g2-gfex
35
vulnerability VCID-yrjj-cken-6qff
36
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17
1
url pkg:gem/actionpack@4.0.3
purl pkg:gem/actionpack@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j52w-azvw-1ycn
17
vulnerability VCID-j585-zz5s-nqd5
18
vulnerability VCID-jnrw-sue5-zqex
19
vulnerability VCID-kyj5-b8wz-pkgj
20
vulnerability VCID-m8rg-xa7x-6yan
21
vulnerability VCID-mrwn-mkcp-j7dv
22
vulnerability VCID-n2ap-zgrd-skhf
23
vulnerability VCID-pssv-24tn-kkc5
24
vulnerability VCID-r7ur-pzac-7bbk
25
vulnerability VCID-sd3k-af7j-h7h4
26
vulnerability VCID-semx-3823-f7f6
27
vulnerability VCID-sevc-c95q-tyg8
28
vulnerability VCID-t1ep-g6cz-7kgr
29
vulnerability VCID-tc9x-h24m-9ufe
30
vulnerability VCID-wyvv-ks5y-fkex
31
vulnerability VCID-x6wm-6c84-2qdw
32
vulnerability VCID-xhqj-617q-f7fb
33
vulnerability VCID-yp5x-mgfj-xbbf
34
vulnerability VCID-ypmv-73g2-gfex
35
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3
2
url pkg:gem/actionpack@4.1.0.beta1
purl pkg:gem/actionpack@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-fm16-z8wy-6fgz
15
vulnerability VCID-fnkq-8eys-gygm
16
vulnerability VCID-hud5-xxhh-u3ex
17
vulnerability VCID-j585-zz5s-nqd5
18
vulnerability VCID-jnrw-sue5-zqex
19
vulnerability VCID-kyj5-b8wz-pkgj
20
vulnerability VCID-m8rg-xa7x-6yan
21
vulnerability VCID-mrwn-mkcp-j7dv
22
vulnerability VCID-n2ap-zgrd-skhf
23
vulnerability VCID-pssv-24tn-kkc5
24
vulnerability VCID-r7ur-pzac-7bbk
25
vulnerability VCID-sd3k-af7j-h7h4
26
vulnerability VCID-semx-3823-f7f6
27
vulnerability VCID-sevc-c95q-tyg8
28
vulnerability VCID-t1ep-g6cz-7kgr
29
vulnerability VCID-tc9x-h24m-9ufe
30
vulnerability VCID-wyvv-ks5y-fkex
31
vulnerability VCID-x6wm-6c84-2qdw
32
vulnerability VCID-xhqj-617q-f7fb
33
vulnerability VCID-yp5x-mgfj-xbbf
34
vulnerability VCID-ypmv-73g2-gfex
35
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1
3
url pkg:gem/actionpack@4.1.1
purl pkg:gem/actionpack@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j585-zz5s-nqd5
17
vulnerability VCID-jnrw-sue5-zqex
18
vulnerability VCID-kyj5-b8wz-pkgj
19
vulnerability VCID-m8rg-xa7x-6yan
20
vulnerability VCID-mrwn-mkcp-j7dv
21
vulnerability VCID-n2ap-zgrd-skhf
22
vulnerability VCID-pssv-24tn-kkc5
23
vulnerability VCID-r7ur-pzac-7bbk
24
vulnerability VCID-sd3k-af7j-h7h4
25
vulnerability VCID-semx-3823-f7f6
26
vulnerability VCID-sevc-c95q-tyg8
27
vulnerability VCID-t1ep-g6cz-7kgr
28
vulnerability VCID-tc9x-h24m-9ufe
29
vulnerability VCID-wyvv-ks5y-fkex
30
vulnerability VCID-x6wm-6c84-2qdw
31
vulnerability VCID-xhqj-617q-f7fb
32
vulnerability VCID-yp5x-mgfj-xbbf
33
vulnerability VCID-ypmv-73g2-gfex
34
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1
aliases CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26je-urbt-8kee
4
url VCID-31rm-1rpc-g3dq
vulnerability_id VCID-31rm-1rpc-g3dq
summary
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36566
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
10
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
12
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
13
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
14
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id 827353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827353
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id CVE-2012-2660
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
19
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
20
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
21
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.1.5
purl pkg:gem/actionpack@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hud5-xxhh-u3ex
24
vulnerability VCID-j52w-azvw-1ycn
25
vulnerability VCID-j585-zz5s-nqd5
26
vulnerability VCID-jnrw-sue5-zqex
27
vulnerability VCID-kyj5-b8wz-pkgj
28
vulnerability VCID-m8rg-xa7x-6yan
29
vulnerability VCID-mrwn-mkcp-j7dv
30
vulnerability VCID-n2ap-zgrd-skhf
31
vulnerability VCID-pzs8-zstn-hbf2
32
vulnerability VCID-r7ur-pzac-7bbk
33
vulnerability VCID-sd3k-af7j-h7h4
34
vulnerability VCID-semx-3823-f7f6
35
vulnerability VCID-sevc-c95q-tyg8
36
vulnerability VCID-sfnx-agxs-9yc9
37
vulnerability VCID-swv6-gyb1-y7bs
38
vulnerability VCID-t1ep-g6cz-7kgr
39
vulnerability VCID-tc9x-h24m-9ufe
40
vulnerability VCID-vaa4-b9ph-b7cm
41
vulnerability VCID-wyvv-ks5y-fkex
42
vulnerability VCID-x6wm-6c84-2qdw
43
vulnerability VCID-xhqj-617q-f7fb
44
vulnerability VCID-yp5x-mgfj-xbbf
45
vulnerability VCID-ypmv-73g2-gfex
46
vulnerability VCID-yrjj-cken-6qff
47
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5
1
url pkg:gem/actionpack@3.2.4
purl pkg:gem/actionpack@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-auvj-pgpu-mybv
14
vulnerability VCID-b5zn-u8pu-zya6
15
vulnerability VCID-ct3m-wed2-6bhq
16
vulnerability VCID-de5p-39kn-pkd3
17
vulnerability VCID-dz1r-ae9g-57en
18
vulnerability VCID-f22x-hsz9-kfau
19
vulnerability VCID-f8s8-epzh-3bhw
20
vulnerability VCID-fm16-z8wy-6fgz
21
vulnerability VCID-fnkq-8eys-gygm
22
vulnerability VCID-ghfd-u91m-dbdz
23
vulnerability VCID-gqg3-gs2h-zugf
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-vm51-p4w4-n3du
43
vulnerability VCID-wyvv-ks5y-fkex
44
vulnerability VCID-x6wm-6c84-2qdw
45
vulnerability VCID-xhqj-617q-f7fb
46
vulnerability VCID-yp5x-mgfj-xbbf
47
vulnerability VCID-ypmv-73g2-gfex
48
vulnerability VCID-yrjj-cken-6qff
49
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31rm-1rpc-g3dq
5
url VCID-4jjq-jkgc-mkca
vulnerability_id VCID-4jjq-jkgc-mkca
summary
Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.

Versions Affected:  >= 7.0.0.
Not affected:       < 7.0.0
Fixed Versions:     7.1.3.1, 7.0.8.1

Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.

For example, impacted code will look something like this:

```ruby
class ArticlesController < ApplicationController
  def show
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```

To reiterate the pre-conditions, applications must:

* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
  a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
  `render` call)

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

*  7-0-translate-xss.patch - Patch for 7.0 series
*  7-1-translate-xss.patch - Patch for 7.1 series

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
reference_id
reference_type
scores
0
value 0.02067
scoring_system epss
scoring_elements 0.84217
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
2
reference_url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
6
reference_url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
7
reference_url https://security.netapp.com/advisory/ntap-20240510-0004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0004
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
reference_id 2266388
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
reference_id CVE-2024-26143
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
reference_id CVE-2024-26143.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
11
reference_url https://github.com/advisories/GHSA-9822-6m93-xqf4
reference_id GHSA-9822-6m93-xqf4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9822-6m93-xqf4
12
reference_url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
reference_id GHSA-9822-6m93-xqf4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
13
reference_url https://security.netapp.com/advisory/ntap-20240510-0004/
reference_id ntap-20240510-0004
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://security.netapp.com/advisory/ntap-20240510-0004/
fixed_packages
0
url pkg:gem/actionpack@7.0.8.1
purl pkg:gem/actionpack@7.0.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-fnkq-8eys-gygm
3
vulnerability VCID-ypmv-73g2-gfex
4
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.1
1
url pkg:gem/actionpack@7.1.3.1
purl pkg:gem/actionpack@7.1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-fnkq-8eys-gygm
3
vulnerability VCID-ypmv-73g2-gfex
4
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1
aliases CVE-2024-26143, GHSA-9822-6m93-xqf4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jjq-jkgc-mkca
6
url VCID-6as7-jkwa-53dk
vulnerability_id VCID-6as7-jkwa-53dk
summary
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails that allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0153.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0153.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0155.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0156
reference_id
reference_type
scores
0
value 0.91907
scoring_system epss
scoring_elements 0.99708
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0156
5
reference_url https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
8
reference_url https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain
9
reference_url https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
10
reference_url https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
11
reference_url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156
12
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released
13
reference_url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
14
reference_url http://www.debian.org/security/2013/dsa-2604
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2604
15
reference_url http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html
16
reference_url http://www.insinuator.net/2013/01/rails-yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.insinuator.net/2013/01/rails-yaml
17
reference_url http://www.insinuator.net/2013/01/rails-yaml/
reference_id
reference_type
scores
url http://www.insinuator.net/2013/01/rails-yaml/
18
reference_url http://www.kb.cert.org/vuls/id/380039
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/380039
19
reference_url http://www.kb.cert.org/vuls/id/628463
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/628463
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
reference_id 697722
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892870
reference_id 892870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=892870
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0156
reference_id CVE-2013-0156
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0156
23
reference_url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
reference_id CVE-2013-0156
reference_type
scores
url https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
24
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
reference_id CVE-2013-0156;OSVDB-89026
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
25
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
reference_id CVE-2013-0156;OSVDB-89026
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
26
reference_url https://github.com/advisories/GHSA-jmgw-6vjg-jjwg
reference_id GHSA-jmgw-6vjg-jjwg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmgw-6vjg-jjwg
27
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
28
reference_url https://access.redhat.com/errata/RHSA-2013:0153
reference_id RHSA-2013:0153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0153
29
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
30
reference_url https://access.redhat.com/errata/RHSA-2013:0155
reference_id RHSA-2013:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0155
fixed_packages
0
url pkg:gem/actionpack@3.0.19
purl pkg:gem/actionpack@3.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-auvj-pgpu-mybv
11
vulnerability VCID-b5zn-u8pu-zya6
12
vulnerability VCID-ct3m-wed2-6bhq
13
vulnerability VCID-dz1r-ae9g-57en
14
vulnerability VCID-f22x-hsz9-kfau
15
vulnerability VCID-f8s8-epzh-3bhw
16
vulnerability VCID-fm16-z8wy-6fgz
17
vulnerability VCID-fnkq-8eys-gygm
18
vulnerability VCID-ghfd-u91m-dbdz
19
vulnerability VCID-gqg3-gs2h-zugf
20
vulnerability VCID-hud5-xxhh-u3ex
21
vulnerability VCID-j52w-azvw-1ycn
22
vulnerability VCID-j585-zz5s-nqd5
23
vulnerability VCID-jnrw-sue5-zqex
24
vulnerability VCID-kyj5-b8wz-pkgj
25
vulnerability VCID-m8rg-xa7x-6yan
26
vulnerability VCID-mrwn-mkcp-j7dv
27
vulnerability VCID-n2ap-zgrd-skhf
28
vulnerability VCID-r7ur-pzac-7bbk
29
vulnerability VCID-sd3k-af7j-h7h4
30
vulnerability VCID-semx-3823-f7f6
31
vulnerability VCID-sevc-c95q-tyg8
32
vulnerability VCID-sfnx-agxs-9yc9
33
vulnerability VCID-swv6-gyb1-y7bs
34
vulnerability VCID-t1ep-g6cz-7kgr
35
vulnerability VCID-tc9x-h24m-9ufe
36
vulnerability VCID-vaa4-b9ph-b7cm
37
vulnerability VCID-wyvv-ks5y-fkex
38
vulnerability VCID-x6wm-6c84-2qdw
39
vulnerability VCID-xhqj-617q-f7fb
40
vulnerability VCID-yp5x-mgfj-xbbf
41
vulnerability VCID-ypmv-73g2-gfex
42
vulnerability VCID-yrjj-cken-6qff
43
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.19
1
url pkg:gem/actionpack@3.1.0.beta1
purl pkg:gem/actionpack@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hpu4-xbs2-fugs
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
48
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1
2
url pkg:gem/actionpack@3.1.10
purl pkg:gem/actionpack@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-auvj-pgpu-mybv
11
vulnerability VCID-b5zn-u8pu-zya6
12
vulnerability VCID-ct3m-wed2-6bhq
13
vulnerability VCID-dz1r-ae9g-57en
14
vulnerability VCID-f22x-hsz9-kfau
15
vulnerability VCID-f8s8-epzh-3bhw
16
vulnerability VCID-fm16-z8wy-6fgz
17
vulnerability VCID-fnkq-8eys-gygm
18
vulnerability VCID-ghfd-u91m-dbdz
19
vulnerability VCID-gqg3-gs2h-zugf
20
vulnerability VCID-hud5-xxhh-u3ex
21
vulnerability VCID-j52w-azvw-1ycn
22
vulnerability VCID-j585-zz5s-nqd5
23
vulnerability VCID-jnrw-sue5-zqex
24
vulnerability VCID-kyj5-b8wz-pkgj
25
vulnerability VCID-m8rg-xa7x-6yan
26
vulnerability VCID-mrwn-mkcp-j7dv
27
vulnerability VCID-n2ap-zgrd-skhf
28
vulnerability VCID-r7ur-pzac-7bbk
29
vulnerability VCID-sd3k-af7j-h7h4
30
vulnerability VCID-semx-3823-f7f6
31
vulnerability VCID-sevc-c95q-tyg8
32
vulnerability VCID-sfnx-agxs-9yc9
33
vulnerability VCID-swv6-gyb1-y7bs
34
vulnerability VCID-t1ep-g6cz-7kgr
35
vulnerability VCID-tc9x-h24m-9ufe
36
vulnerability VCID-vaa4-b9ph-b7cm
37
vulnerability VCID-wyvv-ks5y-fkex
38
vulnerability VCID-x6wm-6c84-2qdw
39
vulnerability VCID-xhqj-617q-f7fb
40
vulnerability VCID-yp5x-mgfj-xbbf
41
vulnerability VCID-ypmv-73g2-gfex
42
vulnerability VCID-yrjj-cken-6qff
43
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10
3
url pkg:gem/actionpack@3.2.0.rc1
purl pkg:gem/actionpack@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-auvj-pgpu-mybv
14
vulnerability VCID-b5zn-u8pu-zya6
15
vulnerability VCID-ct3m-wed2-6bhq
16
vulnerability VCID-de5p-39kn-pkd3
17
vulnerability VCID-dz1r-ae9g-57en
18
vulnerability VCID-f22x-hsz9-kfau
19
vulnerability VCID-f8s8-epzh-3bhw
20
vulnerability VCID-fm16-z8wy-6fgz
21
vulnerability VCID-fnkq-8eys-gygm
22
vulnerability VCID-ghfd-u91m-dbdz
23
vulnerability VCID-gqg3-gs2h-zugf
24
vulnerability VCID-hpu4-xbs2-fugs
25
vulnerability VCID-hud5-xxhh-u3ex
26
vulnerability VCID-j52w-azvw-1ycn
27
vulnerability VCID-j585-zz5s-nqd5
28
vulnerability VCID-jnrw-sue5-zqex
29
vulnerability VCID-kyj5-b8wz-pkgj
30
vulnerability VCID-m8rg-xa7x-6yan
31
vulnerability VCID-mrwn-mkcp-j7dv
32
vulnerability VCID-n2ap-zgrd-skhf
33
vulnerability VCID-pzs8-zstn-hbf2
34
vulnerability VCID-r7ur-pzac-7bbk
35
vulnerability VCID-sd3k-af7j-h7h4
36
vulnerability VCID-semx-3823-f7f6
37
vulnerability VCID-sevc-c95q-tyg8
38
vulnerability VCID-sfnx-agxs-9yc9
39
vulnerability VCID-swv6-gyb1-y7bs
40
vulnerability VCID-t1ep-g6cz-7kgr
41
vulnerability VCID-tc9x-h24m-9ufe
42
vulnerability VCID-vaa4-b9ph-b7cm
43
vulnerability VCID-vm51-p4w4-n3du
44
vulnerability VCID-wyvv-ks5y-fkex
45
vulnerability VCID-x6wm-6c84-2qdw
46
vulnerability VCID-xhqj-617q-f7fb
47
vulnerability VCID-yp5x-mgfj-xbbf
48
vulnerability VCID-ypmv-73g2-gfex
49
vulnerability VCID-yrjj-cken-6qff
50
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1
4
url pkg:gem/actionpack@3.2.11
purl pkg:gem/actionpack@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-apra-79g2-wkfn
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-vm51-p4w4-n3du
39
vulnerability VCID-wyvv-ks5y-fkex
40
vulnerability VCID-x6wm-6c84-2qdw
41
vulnerability VCID-xhqj-617q-f7fb
42
vulnerability VCID-yp5x-mgfj-xbbf
43
vulnerability VCID-ypmv-73g2-gfex
44
vulnerability VCID-yrjj-cken-6qff
45
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11
aliases CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6as7-jkwa-53dk
7
url VCID-6cjf-b88j-n3bw
vulnerability_id VCID-6cjf-b88j-n3bw
summary
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0447
reference_id
reference_type
scores
0
value 0.00991
scoring_system epss
scoring_elements 0.77186
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0447
5
reference_url http://secunia.com/advisories/43274
reference_id
reference_type
scores
url http://secunia.com/advisories/43274
6
reference_url http://secunia.com/advisories/43666
reference_id
reference_type
scores
url http://secunia.com/advisories/43666
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034
9
reference_url https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06
10
reference_url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
11
reference_url https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060
12
reference_url http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
13
reference_url http://www.debian.org/security/2011/dsa-2247
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2247
14
reference_url http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46291
15
reference_url http://www.securitytracker.com/id?1025060
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025060
16
reference_url http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0587
17
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id 614864
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0447
reference_id CVE-2011-0447
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0447
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml
reference_id CVE-2011-0447.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml
21
reference_url https://github.com/advisories/GHSA-24fg-p96v-hxh8
reference_id GHSA-24fg-p96v-hxh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24fg-p96v-hxh8
22
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0447, GHSA-24fg-p96v-hxh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjf-b88j-n3bw
8
url VCID-6jdd-kze9-myfz
vulnerability_id VCID-6jdd-kze9-myfz
summary
High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0449
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68421
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0449
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025061
reference_id
reference_type
scores
url http://securitytracker.com/id?1025061
5
reference_url https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
6
reference_url https://github.com/rails/rails/tree/main/actionpack
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/actionpack
7
reference_url https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
8
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
9
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0449
reference_id CVE-2011-0449
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0449
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
reference_id CVE-2011-0449.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
12
reference_url https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
reference_id GHSA-4ww3-3rxj-8v6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
13
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0449, GHSA-4ww3-3rxj-8v6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdd-kze9-myfz
9
url VCID-7yhn-w7nv-xqf7
vulnerability_id VCID-7yhn-w7nv-xqf7
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
reference_id
reference_type
scores
0
value 0.00679
scoring_system epss
scoring_elements 0.71897
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
2
reference_url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
3
reference_url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
4
reference_url https://hackerone.com/reports/899069
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/899069
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
reference_id 1852380
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
reference_id 964081
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
reference_id CVE-2020-8185
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
reference_id CVE-2020-8185.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
11
reference_url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
reference_id GHSA-c6qr-h5vq-59jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
12
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/actionpack@6.0.3.2
purl pkg:gem/actionpack@6.0.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-1f8y-2bmg-qufg
2
vulnerability VCID-43zc-ndt3-xfc5
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-8c6b-8z6x-2uen
5
vulnerability VCID-9w4d-2z52-wyaf
6
vulnerability VCID-be3d-1x2j-qffu
7
vulnerability VCID-e4f9-zs85-4bgh
8
vulnerability VCID-eecu-e2ds-jbdc
9
vulnerability VCID-f22x-hsz9-kfau
10
vulnerability VCID-fnkq-8eys-gygm
11
vulnerability VCID-n2ap-zgrd-skhf
12
vulnerability VCID-nvse-2qzf-n7ba
13
vulnerability VCID-sd3k-af7j-h7h4
14
vulnerability VCID-semx-3823-f7f6
15
vulnerability VCID-t7pe-vz5p-rfed
16
vulnerability VCID-x6wm-6c84-2qdw
17
vulnerability VCID-xhqj-617q-f7fb
18
vulnerability VCID-yp5x-mgfj-xbbf
19
vulnerability VCID-ypmv-73g2-gfex
20
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.2
aliases CVE-2020-8185, GHSA-c6qr-h5vq-59jc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7yhn-w7nv-xqf7
10
url VCID-9w4d-2z52-wyaf
vulnerability_id VCID-9w4d-2z52-wyaf
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33167
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06433
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33167
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0
5
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
6
reference_url https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33167
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33167
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450552
reference_id 2450552
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450552
10
reference_url https://github.com/advisories/GHSA-pgm4-439c-5jp6
reference_id GHSA-pgm4-439c-5jp6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pgm4-439c-5jp6
fixed_packages
0
url pkg:gem/actionpack@8.1.2.1
purl pkg:gem/actionpack@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1
aliases CVE-2026-33167, GHSA-pgm4-439c-5jp6
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9w4d-2z52-wyaf
11
url VCID-auvj-pgpu-mybv
vulnerability_id VCID-auvj-pgpu-mybv
summary
XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0698.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0698.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1857
reference_id
reference_type
scores
0
value 0.00625
scoring_system epss
scoring_elements 0.70518
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1857
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
10
reference_url https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain
11
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
12
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
13
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
14
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
15
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=921335
reference_id 921335
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=921335
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1857
reference_id CVE-2013-1857
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1857
18
reference_url https://github.com/advisories/GHSA-j838-vfpq-fmf2
reference_id GHSA-j838-vfpq-fmf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j838-vfpq-fmf2
19
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/actionpack@3.1.12
purl pkg:gem/actionpack@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-auvj-pgpu-mybv
11
vulnerability VCID-b5zn-u8pu-zya6
12
vulnerability VCID-ct3m-wed2-6bhq
13
vulnerability VCID-dz1r-ae9g-57en
14
vulnerability VCID-f22x-hsz9-kfau
15
vulnerability VCID-f8s8-epzh-3bhw
16
vulnerability VCID-fm16-z8wy-6fgz
17
vulnerability VCID-fnkq-8eys-gygm
18
vulnerability VCID-ghfd-u91m-dbdz
19
vulnerability VCID-gqg3-gs2h-zugf
20
vulnerability VCID-hud5-xxhh-u3ex
21
vulnerability VCID-j52w-azvw-1ycn
22
vulnerability VCID-j585-zz5s-nqd5
23
vulnerability VCID-jnrw-sue5-zqex
24
vulnerability VCID-kyj5-b8wz-pkgj
25
vulnerability VCID-m8rg-xa7x-6yan
26
vulnerability VCID-mrwn-mkcp-j7dv
27
vulnerability VCID-n2ap-zgrd-skhf
28
vulnerability VCID-r7ur-pzac-7bbk
29
vulnerability VCID-sd3k-af7j-h7h4
30
vulnerability VCID-semx-3823-f7f6
31
vulnerability VCID-sevc-c95q-tyg8
32
vulnerability VCID-sfnx-agxs-9yc9
33
vulnerability VCID-swv6-gyb1-y7bs
34
vulnerability VCID-t1ep-g6cz-7kgr
35
vulnerability VCID-tc9x-h24m-9ufe
36
vulnerability VCID-vaa4-b9ph-b7cm
37
vulnerability VCID-wyvv-ks5y-fkex
38
vulnerability VCID-x6wm-6c84-2qdw
39
vulnerability VCID-xhqj-617q-f7fb
40
vulnerability VCID-yp5x-mgfj-xbbf
41
vulnerability VCID-ypmv-73g2-gfex
42
vulnerability VCID-yrjj-cken-6qff
43
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12
1
url pkg:gem/actionpack@3.2.13
purl pkg:gem/actionpack@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-apra-79g2-wkfn
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-vm51-p4w4-n3du
39
vulnerability VCID-wyvv-ks5y-fkex
40
vulnerability VCID-x6wm-6c84-2qdw
41
vulnerability VCID-xhqj-617q-f7fb
42
vulnerability VCID-yp5x-mgfj-xbbf
43
vulnerability VCID-ypmv-73g2-gfex
44
vulnerability VCID-yrjj-cken-6qff
45
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13
aliases CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auvj-pgpu-mybv
12
url VCID-b5zn-u8pu-zya6
vulnerability_id VCID-b5zn-u8pu-zya6
summary
actionpack allows remote attackers to bypass database-query restrictions and perform NULL checks via a crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44673
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
10
reference_url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
11
reference_url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
12
reference_url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id 831581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831581
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
reference_id CVE-2012-2694
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
reference_id CVE-2012-2694.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
16
reference_url https://github.com/advisories/GHSA-q34c-48gc-m9g8
reference_id GHSA-q34c-48gc-m9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q34c-48gc-m9g8
17
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
18
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@3.1.6
purl pkg:gem/actionpack@3.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hud5-xxhh-u3ex
24
vulnerability VCID-j52w-azvw-1ycn
25
vulnerability VCID-j585-zz5s-nqd5
26
vulnerability VCID-jnrw-sue5-zqex
27
vulnerability VCID-kyj5-b8wz-pkgj
28
vulnerability VCID-m8rg-xa7x-6yan
29
vulnerability VCID-mrwn-mkcp-j7dv
30
vulnerability VCID-n2ap-zgrd-skhf
31
vulnerability VCID-pzs8-zstn-hbf2
32
vulnerability VCID-r7ur-pzac-7bbk
33
vulnerability VCID-sd3k-af7j-h7h4
34
vulnerability VCID-semx-3823-f7f6
35
vulnerability VCID-sevc-c95q-tyg8
36
vulnerability VCID-sfnx-agxs-9yc9
37
vulnerability VCID-swv6-gyb1-y7bs
38
vulnerability VCID-t1ep-g6cz-7kgr
39
vulnerability VCID-tc9x-h24m-9ufe
40
vulnerability VCID-vaa4-b9ph-b7cm
41
vulnerability VCID-wyvv-ks5y-fkex
42
vulnerability VCID-x6wm-6c84-2qdw
43
vulnerability VCID-xhqj-617q-f7fb
44
vulnerability VCID-yp5x-mgfj-xbbf
45
vulnerability VCID-ypmv-73g2-gfex
46
vulnerability VCID-yrjj-cken-6qff
47
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6
1
url pkg:gem/actionpack@3.2.6
purl pkg:gem/actionpack@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-auvj-pgpu-mybv
14
vulnerability VCID-b5zn-u8pu-zya6
15
vulnerability VCID-ct3m-wed2-6bhq
16
vulnerability VCID-de5p-39kn-pkd3
17
vulnerability VCID-dz1r-ae9g-57en
18
vulnerability VCID-f22x-hsz9-kfau
19
vulnerability VCID-f8s8-epzh-3bhw
20
vulnerability VCID-fm16-z8wy-6fgz
21
vulnerability VCID-fnkq-8eys-gygm
22
vulnerability VCID-ghfd-u91m-dbdz
23
vulnerability VCID-gqg3-gs2h-zugf
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-vm51-p4w4-n3du
43
vulnerability VCID-wyvv-ks5y-fkex
44
vulnerability VCID-x6wm-6c84-2qdw
45
vulnerability VCID-xhqj-617q-f7fb
46
vulnerability VCID-yp5x-mgfj-xbbf
47
vulnerability VCID-ypmv-73g2-gfex
48
vulnerability VCID-yrjj-cken-6qff
49
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6
aliases CVE-2012-2694, GHSA-q34c-48gc-m9g8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5zn-u8pu-zya6
13
url VCID-ct3m-wed2-6bhq
vulnerability_id VCID-ct3m-wed2-6bhq
summary
Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0752
reference_id
reference_type
scores
0
value 0.90494
scoring_system epss
scoring_elements 0.99626
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0752
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
18
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
19
reference_url https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
20
reference_url https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801
21
reference_url https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816
22
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752
23
reference_url https://www.exploit-db.com/exploits/40561
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40561
24
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.debian.org/security/2016/dsa-3464
25
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.openwall.com/lists/oss-security/2016/01/25/13
26
reference_url http://www.securityfocus.com/bid/81801
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.securityfocus.com/bid/81801
27
reference_url http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url http://www.securitytracker.com/id/1034816
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301963
reference_id 1301963
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301963
29
reference_url https://www.exploit-db.com/exploits/40561/
reference_id 40561
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/
url https://www.exploit-db.com/exploits/40561/
30
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb
reference_id CVE-2016-0752
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0752
reference_id CVE-2016-0752
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0752
32
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml
reference_id CVE-2016-0752.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml
33
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml
reference_id CVE-2016-0752.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml
34
reference_url https://github.com/advisories/GHSA-xrr4-p6fq-hjg7
reference_id GHSA-xrr4-p6fq-hjg7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrr4-p6fq-hjg7
35
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
36
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
37
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@3.2.22.1
purl pkg:gem/actionpack@3.2.22.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-vm51-p4w4-n3du
26
vulnerability VCID-x6wm-6c84-2qdw
27
vulnerability VCID-xhqj-617q-f7fb
28
vulnerability VCID-yp5x-mgfj-xbbf
29
vulnerability VCID-ypmv-73g2-gfex
30
vulnerability VCID-yrjj-cken-6qff
31
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1
1
url pkg:gem/actionpack@4.1.14.1
purl pkg:gem/actionpack@4.1.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-vm51-p4w4-n3du
26
vulnerability VCID-x6wm-6c84-2qdw
27
vulnerability VCID-xhqj-617q-f7fb
28
vulnerability VCID-yp5x-mgfj-xbbf
29
vulnerability VCID-ypmv-73g2-gfex
30
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1
2
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-x6wm-6c84-2qdw
26
vulnerability VCID-xhqj-617q-f7fb
27
vulnerability VCID-yp5x-mgfj-xbbf
28
vulnerability VCID-ypmv-73g2-gfex
29
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
aliases CVE-2016-0752, GHSA-xrr4-p6fq-hjg7
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct3m-wed2-6bhq
14
url VCID-dz1r-ae9g-57en
vulnerability_id VCID-dz1r-ae9g-57en
summary
Exposure of Sensitive Information to an Unauthorized Actor
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3086
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68467
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3086
2
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0
5
reference_url https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978
6
reference_url https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686
7
reference_url https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544
8
reference_url https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600
9
reference_url https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427
10
reference_url http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails
11
reference_url http://www.debian.org/security/2011/dsa-2260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2260
12
reference_url http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/37427
13
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id 545063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3086
reference_id CVE-2009-3086
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-3086
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml
reference_id CVE-2009-3086.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml
reference_id CVE-2009-3086.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml
18
reference_url https://github.com/advisories/GHSA-fg9w-g6m4-557j
reference_id GHSA-fg9w-g6m4-557j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fg9w-g6m4-557j
19
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2009-3086, GHSA-fg9w-g6m4-557j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz1r-ae9g-57en
15
url VCID-f22x-hsz9-kfau
vulnerability_id VCID-f22x-hsz9-kfau
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41128
reference_id
reference_type
scores
0
value 0.00774
scoring_system epss
scoring_elements 0.73907
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41128
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319036
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2319036
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075
6
reference_url https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef
7
reference_url https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891
8
reference_url https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
10
reference_url https://access.redhat.com/security/cve/cve-2024-41128
reference_id CVE-2024-41128
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://access.redhat.com/security/cve/cve-2024-41128
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41128
reference_id CVE-2024-41128
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41128
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml
reference_id CVE-2024-41128.YML
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml
13
reference_url https://github.com/advisories/GHSA-x76w-6vjr-8xgj
reference_id GHSA-x76w-6vjr-8xgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x76w-6vjr-8xgj
14
reference_url https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
reference_id GHSA-x76w-6vjr-8xgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:gem/actionpack@6.1.7.9
purl pkg:gem/actionpack@6.1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-xhqj-617q-f7fb
6
vulnerability VCID-yp5x-mgfj-xbbf
7
vulnerability VCID-ypmv-73g2-gfex
8
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.8.5
purl pkg:gem/actionpack@7.0.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5
3
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-xhqj-617q-f7fb
5
vulnerability VCID-ypmv-73g2-gfex
6
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
4
url pkg:gem/actionpack@7.1.4.1
purl pkg:gem/actionpack@7.1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1
5
url pkg:gem/actionpack@7.2.0.beta1
purl pkg:gem/actionpack@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-fnkq-8eys-gygm
3
vulnerability VCID-ypmv-73g2-gfex
4
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1
6
url pkg:gem/actionpack@7.2.1.1
purl pkg:gem/actionpack@7.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1
7
url pkg:gem/actionpack@8.0.0.beta1
purl pkg:gem/actionpack@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1
aliases CVE-2024-41128, GHSA-x76w-6vjr-8xgj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f22x-hsz9-kfau
16
url VCID-f8s8-epzh-3bhw
vulnerability_id VCID-f8s8-epzh-3bhw
summary
Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
1
reference_url http://openwall.com/lists/oss-security/2014/02/18/10
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/02/18/10
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0215.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0215.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0306.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0306.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0082
reference_id
reference_type
scores
0
value 0.06456
scoring_system epss
scoring_elements 0.91215
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0082
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc
11
reference_url https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ
12
reference_url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
13
reference_url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065538
reference_id 1065538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1065538
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0082
reference_id CVE-2014-0082
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0082
16
reference_url https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082
reference_id CVE-2014-0082
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml
reference_id CVE-2014-0082.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml
18
reference_url https://github.com/advisories/GHSA-7cgp-c3g7-qvrw
reference_id GHSA-7cgp-c3g7-qvrw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cgp-c3g7-qvrw
19
reference_url https://access.redhat.com/errata/RHSA-2014:0215
reference_id RHSA-2014:0215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0215
20
reference_url https://access.redhat.com/errata/RHSA-2014:0306
reference_id RHSA-2014:0306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0306
fixed_packages
0
url pkg:gem/actionpack@3.2.17
purl pkg:gem/actionpack@3.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j52w-azvw-1ycn
17
vulnerability VCID-j585-zz5s-nqd5
18
vulnerability VCID-jnrw-sue5-zqex
19
vulnerability VCID-kyj5-b8wz-pkgj
20
vulnerability VCID-m8rg-xa7x-6yan
21
vulnerability VCID-mrwn-mkcp-j7dv
22
vulnerability VCID-n2ap-zgrd-skhf
23
vulnerability VCID-r7ur-pzac-7bbk
24
vulnerability VCID-sd3k-af7j-h7h4
25
vulnerability VCID-semx-3823-f7f6
26
vulnerability VCID-sevc-c95q-tyg8
27
vulnerability VCID-t1ep-g6cz-7kgr
28
vulnerability VCID-tc9x-h24m-9ufe
29
vulnerability VCID-vm51-p4w4-n3du
30
vulnerability VCID-wyvv-ks5y-fkex
31
vulnerability VCID-x6wm-6c84-2qdw
32
vulnerability VCID-xhqj-617q-f7fb
33
vulnerability VCID-yp5x-mgfj-xbbf
34
vulnerability VCID-ypmv-73g2-gfex
35
vulnerability VCID-yrjj-cken-6qff
36
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17
1
url pkg:gem/actionpack@4.0.0.beta1
purl pkg:gem/actionpack@4.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-apra-79g2-wkfn
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-dz1r-ae9g-57en
14
vulnerability VCID-f22x-hsz9-kfau
15
vulnerability VCID-f8s8-epzh-3bhw
16
vulnerability VCID-fm16-z8wy-6fgz
17
vulnerability VCID-fnkq-8eys-gygm
18
vulnerability VCID-ghfd-u91m-dbdz
19
vulnerability VCID-gqg3-gs2h-zugf
20
vulnerability VCID-hud5-xxhh-u3ex
21
vulnerability VCID-j585-zz5s-nqd5
22
vulnerability VCID-jnrw-sue5-zqex
23
vulnerability VCID-kyj5-b8wz-pkgj
24
vulnerability VCID-m8rg-xa7x-6yan
25
vulnerability VCID-mrwn-mkcp-j7dv
26
vulnerability VCID-n2ap-zgrd-skhf
27
vulnerability VCID-pssv-24tn-kkc5
28
vulnerability VCID-r7ur-pzac-7bbk
29
vulnerability VCID-sd3k-af7j-h7h4
30
vulnerability VCID-semx-3823-f7f6
31
vulnerability VCID-sevc-c95q-tyg8
32
vulnerability VCID-sfnx-agxs-9yc9
33
vulnerability VCID-swv6-gyb1-y7bs
34
vulnerability VCID-t1ep-g6cz-7kgr
35
vulnerability VCID-tc9x-h24m-9ufe
36
vulnerability VCID-vaa4-b9ph-b7cm
37
vulnerability VCID-wyvv-ks5y-fkex
38
vulnerability VCID-x6wm-6c84-2qdw
39
vulnerability VCID-xhqj-617q-f7fb
40
vulnerability VCID-yp5x-mgfj-xbbf
41
vulnerability VCID-ypmv-73g2-gfex
42
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1
2
url pkg:gem/actionpack@4.0.0
purl pkg:gem/actionpack@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-5za7-eapk-3qgx
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-8frw-skyq-1fh9
11
vulnerability VCID-9w4d-2z52-wyaf
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-dz1r-ae9g-57en
16
vulnerability VCID-f22x-hsz9-kfau
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fn9u-w13j-43dz
19
vulnerability VCID-fnkq-8eys-gygm
20
vulnerability VCID-ghfd-u91m-dbdz
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kurg-1k8b-zkh6
26
vulnerability VCID-kyj5-b8wz-pkgj
27
vulnerability VCID-m8rg-xa7x-6yan
28
vulnerability VCID-mrwn-mkcp-j7dv
29
vulnerability VCID-n2ap-zgrd-skhf
30
vulnerability VCID-pssv-24tn-kkc5
31
vulnerability VCID-r7ur-pzac-7bbk
32
vulnerability VCID-rjft-pjjz-vycp
33
vulnerability VCID-sd3k-af7j-h7h4
34
vulnerability VCID-semx-3823-f7f6
35
vulnerability VCID-sevc-c95q-tyg8
36
vulnerability VCID-sfnx-agxs-9yc9
37
vulnerability VCID-swv6-gyb1-y7bs
38
vulnerability VCID-t1ep-g6cz-7kgr
39
vulnerability VCID-tc9x-h24m-9ufe
40
vulnerability VCID-vaa4-b9ph-b7cm
41
vulnerability VCID-vm51-p4w4-n3du
42
vulnerability VCID-w2ca-rqx2-m7f4
43
vulnerability VCID-wrrq-xxs9-xka9
44
vulnerability VCID-wyvv-ks5y-fkex
45
vulnerability VCID-x6wm-6c84-2qdw
46
vulnerability VCID-xhqj-617q-f7fb
47
vulnerability VCID-yp5x-mgfj-xbbf
48
vulnerability VCID-ypmv-73g2-gfex
49
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0
aliases CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8s8-epzh-3bhw
17
url VCID-fm16-z8wy-6fgz
vulnerability_id VCID-fm16-z8wy-6fgz
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
1
reference_url http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
2
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3009
reference_id
reference_type
scores
0
value 0.01632
scoring_system epss
scoring_elements 0.82215
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3009
6
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36600
7
reference_url http://secunia.com/advisories/36717
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/36717
8
reference_url http://securitytracker.com/id?1022824
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securitytracker.com/id?1022824
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
10
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
11
reference_url http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
12
reference_url http://www.debian.org/security/2009/dsa-1887
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2009/dsa-1887
13
reference_url http://www.osvdb.org/57666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.osvdb.org/57666
14
reference_url http://www.securityfocus.com/bid/36278
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/36278
15
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/2544
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=520843
reference_id 520843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=520843
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id 545063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3009
reference_id CVE-2009-3009
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-3009
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml
reference_id CVE-2009-3009.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml
20
reference_url https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
reference_id GHSA-8qrh-h9m2-5fvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
21
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fm16-z8wy-6fgz
18
url VCID-fnkq-8eys-gygm
vulnerability_id VCID-fnkq-8eys-gygm
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28103
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.74897
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28103
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/
url https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
5
reference_url https://security.netapp.com/advisory/ntap-20241206-0002
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0002
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
reference_id 1072705
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2290530
reference_id 2290530
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2290530
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28103
reference_id CVE-2024-28103
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28103
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
reference_id CVE-2024-28103.YML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
10
reference_url https://github.com/advisories/GHSA-fwhr-88qx-h9g7
reference_id GHSA-fwhr-88qx-h9g7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhr-88qx-h9g7
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
reference_id GHSA-fwhr-88qx-h9g7
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/
url https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
fixed_packages
0
url pkg:gem/actionpack@6.1.7.8
purl pkg:gem/actionpack@6.1.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.8
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-xhqj-617q-f7fb
6
vulnerability VCID-yp5x-mgfj-xbbf
7
vulnerability VCID-ypmv-73g2-gfex
8
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.8.4
purl pkg:gem/actionpack@7.0.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.4
3
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-xhqj-617q-f7fb
5
vulnerability VCID-ypmv-73g2-gfex
6
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
4
url pkg:gem/actionpack@7.1.3.4
purl pkg:gem/actionpack@7.1.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.4
5
url pkg:gem/actionpack@7.2.0.beta2
purl pkg:gem/actionpack@7.2.0.beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta2
aliases CVE-2024-28103, GHSA-fwhr-88qx-h9g7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnkq-8eys-gygm
19
url VCID-ghfd-u91m-dbdz
vulnerability_id VCID-ghfd-u91m-dbdz
summary
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6414
reference_id
reference_type
scores
0
value 0.70843
scoring_system epss
scoring_elements 0.98725
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6414
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
14
reference_url http://seclists.org/oss-sec/2013/q4/400
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/400
15
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
16
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ
17
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
18
reference_url https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836
19
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
20
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
21
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
22
reference_url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
23
reference_url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036483
reference_id 1036483
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036483
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6414
reference_id CVE-2013-6414
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6414
26
reference_url https://puppet.com/security/cve/cve-2013-6414
reference_id CVE-2013-6414
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-6414
27
reference_url https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414
reference_id CVE-2013-6414
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414
28
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml
reference_id CVE-2013-6414.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml
29
reference_url https://github.com/advisories/GHSA-mpxf-gcw2-pw5q
reference_id GHSA-mpxf-gcw2-pw5q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpxf-gcw2-pw5q
30
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
31
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
fixed_packages
0
url pkg:gem/actionpack@3.2.16
purl pkg:gem/actionpack@3.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-f8s8-epzh-3bhw
15
vulnerability VCID-fm16-z8wy-6fgz
16
vulnerability VCID-fnkq-8eys-gygm
17
vulnerability VCID-hud5-xxhh-u3ex
18
vulnerability VCID-j52w-azvw-1ycn
19
vulnerability VCID-j585-zz5s-nqd5
20
vulnerability VCID-jnrw-sue5-zqex
21
vulnerability VCID-kyj5-b8wz-pkgj
22
vulnerability VCID-m8rg-xa7x-6yan
23
vulnerability VCID-mrwn-mkcp-j7dv
24
vulnerability VCID-n2ap-zgrd-skhf
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-vm51-p4w4-n3du
32
vulnerability VCID-wyvv-ks5y-fkex
33
vulnerability VCID-x6wm-6c84-2qdw
34
vulnerability VCID-xhqj-617q-f7fb
35
vulnerability VCID-yp5x-mgfj-xbbf
36
vulnerability VCID-ypmv-73g2-gfex
37
vulnerability VCID-yrjj-cken-6qff
38
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16
1
url pkg:gem/actionpack@4.0.2
purl pkg:gem/actionpack@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-fm16-z8wy-6fgz
15
vulnerability VCID-fnkq-8eys-gygm
16
vulnerability VCID-hud5-xxhh-u3ex
17
vulnerability VCID-j52w-azvw-1ycn
18
vulnerability VCID-j585-zz5s-nqd5
19
vulnerability VCID-jnrw-sue5-zqex
20
vulnerability VCID-kyj5-b8wz-pkgj
21
vulnerability VCID-m8rg-xa7x-6yan
22
vulnerability VCID-mrwn-mkcp-j7dv
23
vulnerability VCID-n2ap-zgrd-skhf
24
vulnerability VCID-pssv-24tn-kkc5
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-wyvv-ks5y-fkex
32
vulnerability VCID-x6wm-6c84-2qdw
33
vulnerability VCID-xhqj-617q-f7fb
34
vulnerability VCID-yp5x-mgfj-xbbf
35
vulnerability VCID-ypmv-73g2-gfex
36
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2
aliases CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghfd-u91m-dbdz
20
url VCID-gqg3-gs2h-zugf
vulnerability_id VCID-gqg3-gs2h-zugf
summary
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0698.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0698.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
5
reference_url https://access.redhat.com/errata/RHSA-2013:0698
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0698
6
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1855
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.6776
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1855
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=921331
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=921331
10
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
11
reference_url https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
12
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
13
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
14
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
15
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
16
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
17
reference_url https://access.redhat.com/security/cve/CVE-2013-1855
reference_id CVE-2013-1855
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-1855
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1855
reference_id CVE-2013-1855
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1855
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml
reference_id CVE-2013-1855.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml
20
reference_url https://github.com/advisories/GHSA-q759-hwvc-m3jg
reference_id GHSA-q759-hwvc-m3jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q759-hwvc-m3jg
21
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/actionpack@3.1.12
purl pkg:gem/actionpack@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-auvj-pgpu-mybv
11
vulnerability VCID-b5zn-u8pu-zya6
12
vulnerability VCID-ct3m-wed2-6bhq
13
vulnerability VCID-dz1r-ae9g-57en
14
vulnerability VCID-f22x-hsz9-kfau
15
vulnerability VCID-f8s8-epzh-3bhw
16
vulnerability VCID-fm16-z8wy-6fgz
17
vulnerability VCID-fnkq-8eys-gygm
18
vulnerability VCID-ghfd-u91m-dbdz
19
vulnerability VCID-gqg3-gs2h-zugf
20
vulnerability VCID-hud5-xxhh-u3ex
21
vulnerability VCID-j52w-azvw-1ycn
22
vulnerability VCID-j585-zz5s-nqd5
23
vulnerability VCID-jnrw-sue5-zqex
24
vulnerability VCID-kyj5-b8wz-pkgj
25
vulnerability VCID-m8rg-xa7x-6yan
26
vulnerability VCID-mrwn-mkcp-j7dv
27
vulnerability VCID-n2ap-zgrd-skhf
28
vulnerability VCID-r7ur-pzac-7bbk
29
vulnerability VCID-sd3k-af7j-h7h4
30
vulnerability VCID-semx-3823-f7f6
31
vulnerability VCID-sevc-c95q-tyg8
32
vulnerability VCID-sfnx-agxs-9yc9
33
vulnerability VCID-swv6-gyb1-y7bs
34
vulnerability VCID-t1ep-g6cz-7kgr
35
vulnerability VCID-tc9x-h24m-9ufe
36
vulnerability VCID-vaa4-b9ph-b7cm
37
vulnerability VCID-wyvv-ks5y-fkex
38
vulnerability VCID-x6wm-6c84-2qdw
39
vulnerability VCID-xhqj-617q-f7fb
40
vulnerability VCID-yp5x-mgfj-xbbf
41
vulnerability VCID-ypmv-73g2-gfex
42
vulnerability VCID-yrjj-cken-6qff
43
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12
1
url pkg:gem/actionpack@3.2.13
purl pkg:gem/actionpack@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-apra-79g2-wkfn
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-vm51-p4w4-n3du
39
vulnerability VCID-wyvv-ks5y-fkex
40
vulnerability VCID-x6wm-6c84-2qdw
41
vulnerability VCID-xhqj-617q-f7fb
42
vulnerability VCID-yp5x-mgfj-xbbf
43
vulnerability VCID-ypmv-73g2-gfex
44
vulnerability VCID-yrjj-cken-6qff
45
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13
aliases CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqg3-gs2h-zugf
21
url VCID-hud5-xxhh-u3ex
vulnerability_id VCID-hud5-xxhh-u3ex
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
reference_id
reference_type
scores
0
value 0.0067
scoring_system epss
scoring_elements 0.71687
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
5
reference_url http://secunia.com/advisories/43274
reference_id
reference_type
scores
url http://secunia.com/advisories/43274
6
reference_url http://secunia.com/advisories/43666
reference_id
reference_type
scores
url http://secunia.com/advisories/43666
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
9
reference_url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
10
reference_url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
11
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
12
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
13
reference_url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
14
reference_url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
15
reference_url http://www.debian.org/security/2011/dsa-2247
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2247
16
reference_url http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46291
17
reference_url http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025064
18
reference_url http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0587
19
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id 614864
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
reference_id CVE-2011-0446
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
24
reference_url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
reference_id GHSA-75w6-p6mg-vh8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
25
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hud5-xxhh-u3ex
22
url VCID-j52w-azvw-1ycn
vulnerability_id VCID-j52w-azvw-1ycn
summary
Directory Traversal Vulnerability With Certain Route Configurations
The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server.
references
0
reference_url http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
1
reference_url http://osvdb.org/show/osvdb/106704
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/106704
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
3
reference_url https://access.redhat.com/errata/RHSA-2014:0510
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0510
4
reference_url https://access.redhat.com/errata/RHSA-2014:0816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0816
5
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0130
reference_id
reference_type
scores
0
value 0.5271
scoring_system epss
scoring_elements 0.97991
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0130
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1095105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1095105
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
14
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
15
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk
16
reference_url https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
17
reference_url https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
18
reference_url https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
19
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
20
reference_url http://www.securityfocus.com/bid/67244
reference_id 67244
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://www.securityfocus.com/bid/67244
21
reference_url https://access.redhat.com/security/cve/CVE-2014-0130
reference_id CVE-2014-0130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-0130
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0130
reference_id CVE-2014-0130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0130
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
reference_id CVE-2014-0130.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
24
reference_url https://github.com/advisories/GHSA-6x85-j5j2-27jx
reference_id GHSA-6x85-j5j2-27jx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6x85-j5j2-27jx
fixed_packages
0
url pkg:gem/actionpack@3.2.18
purl pkg:gem/actionpack@3.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j585-zz5s-nqd5
17
vulnerability VCID-jnrw-sue5-zqex
18
vulnerability VCID-kyj5-b8wz-pkgj
19
vulnerability VCID-m8rg-xa7x-6yan
20
vulnerability VCID-mrwn-mkcp-j7dv
21
vulnerability VCID-n2ap-zgrd-skhf
22
vulnerability VCID-r7ur-pzac-7bbk
23
vulnerability VCID-sd3k-af7j-h7h4
24
vulnerability VCID-semx-3823-f7f6
25
vulnerability VCID-sevc-c95q-tyg8
26
vulnerability VCID-t1ep-g6cz-7kgr
27
vulnerability VCID-tc9x-h24m-9ufe
28
vulnerability VCID-vm51-p4w4-n3du
29
vulnerability VCID-wyvv-ks5y-fkex
30
vulnerability VCID-x6wm-6c84-2qdw
31
vulnerability VCID-xhqj-617q-f7fb
32
vulnerability VCID-yp5x-mgfj-xbbf
33
vulnerability VCID-ypmv-73g2-gfex
34
vulnerability VCID-yrjj-cken-6qff
35
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18
1
url pkg:gem/actionpack@4.0.5
purl pkg:gem/actionpack@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j585-zz5s-nqd5
17
vulnerability VCID-jnrw-sue5-zqex
18
vulnerability VCID-kyj5-b8wz-pkgj
19
vulnerability VCID-m8rg-xa7x-6yan
20
vulnerability VCID-mrwn-mkcp-j7dv
21
vulnerability VCID-n2ap-zgrd-skhf
22
vulnerability VCID-pssv-24tn-kkc5
23
vulnerability VCID-r7ur-pzac-7bbk
24
vulnerability VCID-sd3k-af7j-h7h4
25
vulnerability VCID-semx-3823-f7f6
26
vulnerability VCID-sevc-c95q-tyg8
27
vulnerability VCID-t1ep-g6cz-7kgr
28
vulnerability VCID-tc9x-h24m-9ufe
29
vulnerability VCID-wyvv-ks5y-fkex
30
vulnerability VCID-x6wm-6c84-2qdw
31
vulnerability VCID-xhqj-617q-f7fb
32
vulnerability VCID-yp5x-mgfj-xbbf
33
vulnerability VCID-ypmv-73g2-gfex
34
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5
2
url pkg:gem/actionpack@4.1.1
purl pkg:gem/actionpack@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-ct3m-wed2-6bhq
11
vulnerability VCID-dz1r-ae9g-57en
12
vulnerability VCID-f22x-hsz9-kfau
13
vulnerability VCID-fm16-z8wy-6fgz
14
vulnerability VCID-fnkq-8eys-gygm
15
vulnerability VCID-hud5-xxhh-u3ex
16
vulnerability VCID-j585-zz5s-nqd5
17
vulnerability VCID-jnrw-sue5-zqex
18
vulnerability VCID-kyj5-b8wz-pkgj
19
vulnerability VCID-m8rg-xa7x-6yan
20
vulnerability VCID-mrwn-mkcp-j7dv
21
vulnerability VCID-n2ap-zgrd-skhf
22
vulnerability VCID-pssv-24tn-kkc5
23
vulnerability VCID-r7ur-pzac-7bbk
24
vulnerability VCID-sd3k-af7j-h7h4
25
vulnerability VCID-semx-3823-f7f6
26
vulnerability VCID-sevc-c95q-tyg8
27
vulnerability VCID-t1ep-g6cz-7kgr
28
vulnerability VCID-tc9x-h24m-9ufe
29
vulnerability VCID-wyvv-ks5y-fkex
30
vulnerability VCID-x6wm-6c84-2qdw
31
vulnerability VCID-xhqj-617q-f7fb
32
vulnerability VCID-yp5x-mgfj-xbbf
33
vulnerability VCID-ypmv-73g2-gfex
34
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1
aliases CVE-2014-0130, GHSA-6x85-j5j2-27jx
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j52w-azvw-1ycn
23
url VCID-j585-zz5s-nqd5
vulnerability_id VCID-j585-zz5s-nqd5
summary
Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
6
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7576
reference_id
reference_type
scores
0
value 0.01119
scoring_system epss
scoring_elements 0.78545
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7576
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
18
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
19
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
20
reference_url https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd
21
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ
22
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
23
reference_url https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
24
reference_url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803
25
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
26
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/8
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/8
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301933
reference_id 1301933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301933
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7576
reference_id CVE-2015-7576
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7576
29
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml
reference_id CVE-2015-7576.YML
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml
30
reference_url https://github.com/advisories/GHSA-p692-7mm3-3fxg
reference_id GHSA-p692-7mm3-3fxg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p692-7mm3-3fxg
31
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
32
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
33
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@3.2.22.1
purl pkg:gem/actionpack@3.2.22.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-vm51-p4w4-n3du
26
vulnerability VCID-x6wm-6c84-2qdw
27
vulnerability VCID-xhqj-617q-f7fb
28
vulnerability VCID-yp5x-mgfj-xbbf
29
vulnerability VCID-ypmv-73g2-gfex
30
vulnerability VCID-yrjj-cken-6qff
31
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1
1
url pkg:gem/actionpack@4.1.14.1
purl pkg:gem/actionpack@4.1.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-vm51-p4w4-n3du
26
vulnerability VCID-x6wm-6c84-2qdw
27
vulnerability VCID-xhqj-617q-f7fb
28
vulnerability VCID-yp5x-mgfj-xbbf
29
vulnerability VCID-ypmv-73g2-gfex
30
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1
2
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-x6wm-6c84-2qdw
26
vulnerability VCID-xhqj-617q-f7fb
27
vulnerability VCID-yp5x-mgfj-xbbf
28
vulnerability VCID-ypmv-73g2-gfex
29
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
3
url pkg:gem/actionpack@5.0.0.beta1.1
purl pkg:gem/actionpack@5.0.0.beta1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-b5zn-u8pu-zya6
8
vulnerability VCID-dz1r-ae9g-57en
9
vulnerability VCID-f22x-hsz9-kfau
10
vulnerability VCID-fm16-z8wy-6fgz
11
vulnerability VCID-fnkq-8eys-gygm
12
vulnerability VCID-hud5-xxhh-u3ex
13
vulnerability VCID-jnrw-sue5-zqex
14
vulnerability VCID-kyj5-b8wz-pkgj
15
vulnerability VCID-m8rg-xa7x-6yan
16
vulnerability VCID-mrwn-mkcp-j7dv
17
vulnerability VCID-n2ap-zgrd-skhf
18
vulnerability VCID-r7ur-pzac-7bbk
19
vulnerability VCID-sd3k-af7j-h7h4
20
vulnerability VCID-semx-3823-f7f6
21
vulnerability VCID-sevc-c95q-tyg8
22
vulnerability VCID-tc9x-h24m-9ufe
23
vulnerability VCID-x6wm-6c84-2qdw
24
vulnerability VCID-xhqj-617q-f7fb
25
vulnerability VCID-yp5x-mgfj-xbbf
26
vulnerability VCID-ypmv-73g2-gfex
27
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1
aliases CVE-2015-7576, GHSA-p692-7mm3-3fxg
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j585-zz5s-nqd5
24
url VCID-jnrw-sue5-zqex
vulnerability_id VCID-jnrw-sue5-zqex
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2931
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.74566
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2931
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731436
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731436
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
7
reference_url http://secunia.com/advisories/45921
reference_id
reference_type
scores
url http://secunia.com/advisories/45921
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a
10
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
11
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
16
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
17
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2931
reference_id CVE-2011-2931
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2931
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml
reference_id CVE-2011-2931.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml
20
reference_url https://github.com/advisories/GHSA-v5jg-558j-q67c
reference_id GHSA-v5jg-558j-q67c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v5jg-558j-q67c
21
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
aliases CVE-2011-2931, GHSA-v5jg-558j-q67c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnrw-sue5-zqex
25
url VCID-kyj5-b8wz-pkgj
vulnerability_id VCID-kyj5-b8wz-pkgj
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
3
reference_url http://openwall.com/lists/oss-security/2011/06/09/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/09/2
4
reference_url http://openwall.com/lists/oss-security/2011/06/13/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/13/9
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63561
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
6
reference_url http://secunia.com/advisories/44789
reference_id
reference_type
scores
url http://secunia.com/advisories/44789
7
reference_url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
10
reference_url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
11
reference_url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
reference_id CVE-2011-2197
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
reference_id CVE-2011-2197.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
14
reference_url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
reference_id GHSA-v9v4-7jp6-8c73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
fixed_packages
aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyj5-b8wz-pkgj
26
url VCID-m8rg-xa7x-6yan
vulnerability_id VCID-m8rg-xa7x-6yan
summary
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
reference_id
reference_type
scores
0
value 0.00814
scoring_system epss
scoring_elements 0.74586
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731432
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731432
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
7
reference_url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
8
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
9
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
reference_id CVE-2011-2929
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
reference_id CVE-2011-2929.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
17
reference_url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
reference_id GHSA-r7q2-5gqg-6c7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/actionpack@3.1.0
purl pkg:gem/actionpack@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hpu4-xbs2-fugs
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
48
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0
aliases CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m8rg-xa7x-6yan
27
url VCID-mrwn-mkcp-j7dv
vulnerability_id VCID-mrwn-mkcp-j7dv
summary
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
reference_id
reference_type
scores
0
value 0.07389
scoring_system epss
scoring_elements 0.91846
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
14
reference_url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
15
reference_url https://hackerone.com/reports/292797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/292797
16
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
17
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
18
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
reference_id 1842634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
reference_id CVE-2020-8164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
reference_id CVE-2020-8164.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
22
reference_url https://github.com/advisories/GHSA-8727-m6gj-mc37
reference_id GHSA-8727-m6gj-mc37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8727-m6gj-mc37
23
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/actionpack@5.2.4.3
purl pkg:gem/actionpack@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-1f8y-2bmg-qufg
2
vulnerability VCID-43zc-ndt3-xfc5
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-7yhn-w7nv-xqf7
5
vulnerability VCID-9w4d-2z52-wyaf
6
vulnerability VCID-be3d-1x2j-qffu
7
vulnerability VCID-f22x-hsz9-kfau
8
vulnerability VCID-fnkq-8eys-gygm
9
vulnerability VCID-n2ap-zgrd-skhf
10
vulnerability VCID-sd3k-af7j-h7h4
11
vulnerability VCID-semx-3823-f7f6
12
vulnerability VCID-x6wm-6c84-2qdw
13
vulnerability VCID-xhqj-617q-f7fb
14
vulnerability VCID-yp5x-mgfj-xbbf
15
vulnerability VCID-ypmv-73g2-gfex
16
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.4.3
1
url pkg:gem/actionpack@6.0.3.1
purl pkg:gem/actionpack@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-1f8y-2bmg-qufg
2
vulnerability VCID-43zc-ndt3-xfc5
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-7yhn-w7nv-xqf7
5
vulnerability VCID-8c6b-8z6x-2uen
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-be3d-1x2j-qffu
8
vulnerability VCID-e4f9-zs85-4bgh
9
vulnerability VCID-eecu-e2ds-jbdc
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fnkq-8eys-gygm
12
vulnerability VCID-n2ap-zgrd-skhf
13
vulnerability VCID-nvse-2qzf-n7ba
14
vulnerability VCID-sd3k-af7j-h7h4
15
vulnerability VCID-semx-3823-f7f6
16
vulnerability VCID-t7pe-vz5p-rfed
17
vulnerability VCID-x6wm-6c84-2qdw
18
vulnerability VCID-xhqj-617q-f7fb
19
vulnerability VCID-yp5x-mgfj-xbbf
20
vulnerability VCID-ypmv-73g2-gfex
21
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.3.1
aliases CVE-2020-8164, GHSA-8727-m6gj-mc37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrwn-mkcp-j7dv
28
url VCID-n2ap-zgrd-skhf
vulnerability_id VCID-n2ap-zgrd-skhf
summary
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking when running on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
reference_id
reference_type
scores
0
value 0.01339
scoring_system epss
scoring_elements 0.80316
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
2
reference_url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
6
reference_url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
7
reference_url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
8
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
9
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
11
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id 2164799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
reference_id CVE-2023-22795
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
15
reference_url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
reference_id GHSA-8xww-x3g3-6jcv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
16
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/actionpack@5.2.8
purl pkg:gem/actionpack@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8
1
url pkg:gem/actionpack@6.1.7.1
purl pkg:gem/actionpack@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1
2
url pkg:gem/actionpack@7.0.4.1
purl pkg:gem/actionpack@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1
aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2ap-zgrd-skhf
29
url VCID-r7ur-pzac-7bbk
vulnerability_id VCID-r7ur-pzac-7bbk
summary
Improper Input Validation
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
references
0
reference_url http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
reference_id
reference_type
scores
url http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3187
reference_id
reference_type
scores
0
value 0.08484
scoring_system epss
scoring_elements 0.92491
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3187
2
reference_url https://bugzilla.novell.com/show_bug.cgi?id=673010
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.novell.com/show_bug.cgi?id=673010
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
5
reference_url http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
6
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
7
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
8
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
9
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3187
reference_id CVE-2011-3187
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3187
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb
reference_id CVE-2011-3187;OSVDB-73733
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb
14
reference_url https://www.securityfocus.com/bid/46423/info
reference_id CVE-2011-3187;OSVDB-73733
reference_type exploit
scores
url https://www.securityfocus.com/bid/46423/info
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml
reference_id CVE-2011-3187.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml
16
reference_url https://github.com/advisories/GHSA-3vfw-7rcp-3xgm
reference_id GHSA-3vfw-7rcp-3xgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vfw-7rcp-3xgm
fixed_packages
aliases CVE-2011-3187, GHSA-3vfw-7rcp-3xgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ur-pzac-7bbk
30
url VCID-sd3k-af7j-h7h4
vulnerability_id VCID-sd3k-af7j-h7h4
summary open redirect
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22903
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26532
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22903
2
reference_url https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml
6
reference_url https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0
7
reference_url https://hackerone.com/reports/1148025
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1148025
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22903
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22903
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957438
reference_id 1957438
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957438
10
reference_url https://security.archlinux.org/AVG-1919
reference_id AVG-1919
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1919
11
reference_url https://github.com/advisories/GHSA-5hq2-xf89-9jxq
reference_id GHSA-5hq2-xf89-9jxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hq2-xf89-9jxq
fixed_packages
0
url pkg:gem/actionpack@6.1.3.2
purl pkg:gem/actionpack@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1f8y-2bmg-qufg
1
vulnerability VCID-43zc-ndt3-xfc5
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-9w4d-2z52-wyaf
4
vulnerability VCID-eecu-e2ds-jbdc
5
vulnerability VCID-f22x-hsz9-kfau
6
vulnerability VCID-fnkq-8eys-gygm
7
vulnerability VCID-n2ap-zgrd-skhf
8
vulnerability VCID-nvse-2qzf-n7ba
9
vulnerability VCID-semx-3823-f7f6
10
vulnerability VCID-x6wm-6c84-2qdw
11
vulnerability VCID-xhqj-617q-f7fb
12
vulnerability VCID-yp5x-mgfj-xbbf
13
vulnerability VCID-ypmv-73g2-gfex
14
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.3.2
aliases CVE-2021-22903, GHSA-5hq2-xf89-9jxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd3k-af7j-h7h4
31
url VCID-semx-3823-f7f6
vulnerability_id VCID-semx-3823-f7f6
summary
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.

Versions Affected: All. Not affected: None. Fixed Versions: 7.0.5.1, 6.1.7.4
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28362
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45273
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28362
2
reference_url https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements
1
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
6
reference_url https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
7
reference_url https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
8
reference_url https://security.netapp.com/advisory/ntap-20250502-0009
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250502-0009
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
reference_id 1051058
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2217785
reference_id 2217785
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2217785
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28362
reference_id CVE-2023-28362
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28362
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
reference_id CVE-2023-28362.YML
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
13
reference_url https://github.com/advisories/GHSA-4g8v-vg43-wpgf
reference_id GHSA-4g8v-vg43-wpgf
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/advisories/GHSA-4g8v-vg43-wpgf
14
reference_url https://access.redhat.com/errata/RHSA-2023:7851
reference_id RHSA-2023:7851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7851
fixed_packages
0
url pkg:gem/actionpack@6.1.7.4
purl pkg:gem/actionpack@6.1.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-xhqj-617q-f7fb
5
vulnerability VCID-ypmv-73g2-gfex
6
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.4
1
url pkg:gem/actionpack@7.0.5.1
purl pkg:gem/actionpack@7.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-xhqj-617q-f7fb
5
vulnerability VCID-ypmv-73g2-gfex
6
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.5.1
aliases CVE-2023-28362, GHSA-4g8v-vg43-wpgf
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-semx-3823-f7f6
32
url VCID-sevc-c95q-tyg8
vulnerability_id VCID-sevc-c95q-tyg8
summary
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
2
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
3
reference_url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
reference_id
reference_type
scores
0
value 0.11409
scoring_system epss
scoring_elements 0.93691
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7248
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=544329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=544329
7
reference_url http://secunia.com/advisories/36600
reference_id
reference_type
scores
url http://secunia.com/advisories/36600
8
reference_url http://secunia.com/advisories/38915
reference_id
reference_type
scores
url http://secunia.com/advisories/38915
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
11
reference_url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
12
reference_url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
13
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup
14
reference_url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
15
reference_url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544
16
reference_url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
17
reference_url https://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/11/28/1
18
reference_url https://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2009/12/02/2
19
reference_url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
20
reference_url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
21
reference_url http://www.openwall.com/lists/oss-security/2009/11/28/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/11/28/1
22
reference_url http://www.openwall.com/lists/oss-security/2009/12/02/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/12/02/2
23
reference_url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
url http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
24
reference_url http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2544
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id 558685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
26
reference_url https://access.redhat.com/security/cve/CVE-2008-7248
reference_id CVE-2008-7248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2008-7248
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
reference_id CVE-2008-7248
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-7248
28
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
29
reference_url https://www.securityfocus.com/bid/37322/info
reference_id CVE-2008-7248;OSVDB-61124
reference_type exploit
scores
url https://www.securityfocus.com/bid/37322/info
30
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
reference_id CVE-2008-7248.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml
31
reference_url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
reference_id GHSA-8fqx-7pv4-3jwm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fqx-7pv4-3jwm
32
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
aliases CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sevc-c95q-tyg8
33
url VCID-sfnx-agxs-9yc9
vulnerability_id VCID-sfnx-agxs-9yc9
summary
XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications which pass user-controlled data as the unit parameter are vulnerable to an XSS attack.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6415
reference_id
reference_type
scores
0
value 0.01506
scoring_system epss
scoring_elements 0.81475
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6415
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
16
reference_url http://seclists.org/oss-sec/2013/q4/402
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/402
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ
18
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
19
reference_url https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077
20
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
21
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
22
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036910
reference_id 1036910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036910
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6415
reference_id CVE-2013-6415
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6415
25
reference_url https://puppet.com/security/cve/cve-2013-6415
reference_id CVE-2013-6415
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-6415
26
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml
reference_id CVE-2013-6415.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml
27
reference_url https://github.com/advisories/GHSA-6h5q-96hp-9jgm
reference_id GHSA-6h5q-96hp-9jgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6h5q-96hp-9jgm
28
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
29
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
fixed_packages
0
url pkg:gem/actionpack@3.2.16
purl pkg:gem/actionpack@3.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-f8s8-epzh-3bhw
15
vulnerability VCID-fm16-z8wy-6fgz
16
vulnerability VCID-fnkq-8eys-gygm
17
vulnerability VCID-hud5-xxhh-u3ex
18
vulnerability VCID-j52w-azvw-1ycn
19
vulnerability VCID-j585-zz5s-nqd5
20
vulnerability VCID-jnrw-sue5-zqex
21
vulnerability VCID-kyj5-b8wz-pkgj
22
vulnerability VCID-m8rg-xa7x-6yan
23
vulnerability VCID-mrwn-mkcp-j7dv
24
vulnerability VCID-n2ap-zgrd-skhf
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-vm51-p4w4-n3du
32
vulnerability VCID-wyvv-ks5y-fkex
33
vulnerability VCID-x6wm-6c84-2qdw
34
vulnerability VCID-xhqj-617q-f7fb
35
vulnerability VCID-yp5x-mgfj-xbbf
36
vulnerability VCID-ypmv-73g2-gfex
37
vulnerability VCID-yrjj-cken-6qff
38
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16
1
url pkg:gem/actionpack@4.0.2
purl pkg:gem/actionpack@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-fm16-z8wy-6fgz
15
vulnerability VCID-fnkq-8eys-gygm
16
vulnerability VCID-hud5-xxhh-u3ex
17
vulnerability VCID-j52w-azvw-1ycn
18
vulnerability VCID-j585-zz5s-nqd5
19
vulnerability VCID-jnrw-sue5-zqex
20
vulnerability VCID-kyj5-b8wz-pkgj
21
vulnerability VCID-m8rg-xa7x-6yan
22
vulnerability VCID-mrwn-mkcp-j7dv
23
vulnerability VCID-n2ap-zgrd-skhf
24
vulnerability VCID-pssv-24tn-kkc5
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-wyvv-ks5y-fkex
32
vulnerability VCID-x6wm-6c84-2qdw
33
vulnerability VCID-xhqj-617q-f7fb
34
vulnerability VCID-yp5x-mgfj-xbbf
35
vulnerability VCID-ypmv-73g2-gfex
36
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2
aliases CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfnx-agxs-9yc9
34
url VCID-swv6-gyb1-y7bs
vulnerability_id VCID-swv6-gyb1-y7bs
summary
XSS Vulnerability in simple_format helper
The simple_format helper converts user-supplied text into HTML text which is intended to be safe for display. A change made to the implementation of this helper means that any user-provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as HTML attributes will be vulnerable to an XSS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6416
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46636
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6416
2
reference_url http://seclists.org/oss-sec/2013/q4/404
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/404
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454
5
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ
6
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
7
reference_url https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071
8
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
9
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036914
reference_id 1036914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036914
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6416
reference_id CVE-2013-6416
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6416
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml
reference_id CVE-2013-6416.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml
13
reference_url https://github.com/advisories/GHSA-w37c-q653-qg95
reference_id GHSA-w37c-q653-qg95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w37c-q653-qg95
fixed_packages
0
url pkg:gem/actionpack@3.1.0
purl pkg:gem/actionpack@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hpu4-xbs2-fugs
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
48
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0
1
url pkg:gem/actionpack@3.2.0
purl pkg:gem/actionpack@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-auvj-pgpu-mybv
14
vulnerability VCID-b5zn-u8pu-zya6
15
vulnerability VCID-ct3m-wed2-6bhq
16
vulnerability VCID-de5p-39kn-pkd3
17
vulnerability VCID-dz1r-ae9g-57en
18
vulnerability VCID-f22x-hsz9-kfau
19
vulnerability VCID-f8s8-epzh-3bhw
20
vulnerability VCID-fm16-z8wy-6fgz
21
vulnerability VCID-fn9u-w13j-43dz
22
vulnerability VCID-fnkq-8eys-gygm
23
vulnerability VCID-ghfd-u91m-dbdz
24
vulnerability VCID-gqg3-gs2h-zugf
25
vulnerability VCID-hpu4-xbs2-fugs
26
vulnerability VCID-hud5-xxhh-u3ex
27
vulnerability VCID-j52w-azvw-1ycn
28
vulnerability VCID-j585-zz5s-nqd5
29
vulnerability VCID-jnrw-sue5-zqex
30
vulnerability VCID-kyj5-b8wz-pkgj
31
vulnerability VCID-m8rg-xa7x-6yan
32
vulnerability VCID-mrwn-mkcp-j7dv
33
vulnerability VCID-n2ap-zgrd-skhf
34
vulnerability VCID-pzs8-zstn-hbf2
35
vulnerability VCID-r7ur-pzac-7bbk
36
vulnerability VCID-sd3k-af7j-h7h4
37
vulnerability VCID-semx-3823-f7f6
38
vulnerability VCID-sevc-c95q-tyg8
39
vulnerability VCID-sfnx-agxs-9yc9
40
vulnerability VCID-swv6-gyb1-y7bs
41
vulnerability VCID-t1ep-g6cz-7kgr
42
vulnerability VCID-tc9x-h24m-9ufe
43
vulnerability VCID-vaa4-b9ph-b7cm
44
vulnerability VCID-vm51-p4w4-n3du
45
vulnerability VCID-wyvv-ks5y-fkex
46
vulnerability VCID-x6wm-6c84-2qdw
47
vulnerability VCID-xhqj-617q-f7fb
48
vulnerability VCID-yp5x-mgfj-xbbf
49
vulnerability VCID-ypmv-73g2-gfex
50
vulnerability VCID-yrjj-cken-6qff
51
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0
2
url pkg:gem/actionpack@4.0.2
purl pkg:gem/actionpack@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-fm16-z8wy-6fgz
15
vulnerability VCID-fnkq-8eys-gygm
16
vulnerability VCID-hud5-xxhh-u3ex
17
vulnerability VCID-j52w-azvw-1ycn
18
vulnerability VCID-j585-zz5s-nqd5
19
vulnerability VCID-jnrw-sue5-zqex
20
vulnerability VCID-kyj5-b8wz-pkgj
21
vulnerability VCID-m8rg-xa7x-6yan
22
vulnerability VCID-mrwn-mkcp-j7dv
23
vulnerability VCID-n2ap-zgrd-skhf
24
vulnerability VCID-pssv-24tn-kkc5
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-wyvv-ks5y-fkex
32
vulnerability VCID-x6wm-6c84-2qdw
33
vulnerability VCID-xhqj-617q-f7fb
34
vulnerability VCID-yp5x-mgfj-xbbf
35
vulnerability VCID-ypmv-73g2-gfex
36
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2
aliases CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swv6-gyb1-y7bs
35
url VCID-t1ep-g6cz-7kgr
vulnerability_id VCID-t1ep-g6cz-7kgr
summary
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7829
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.5012
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7829
3
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ
4
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
5
reference_url https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183
6
reference_url http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1164659
reference_id 1164659
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1164659
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id 770934
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7829
reference_id CVE-2014-7829
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7829
10
reference_url https://puppet.com/security/cve/cve-2014-7829
reference_id CVE-2014-7829
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2014-7829
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml
reference_id CVE-2014-7829.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml
12
reference_url https://github.com/advisories/GHSA-h56m-vwxc-3qpw
reference_id GHSA-h56m-vwxc-3qpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h56m-vwxc-3qpw
fixed_packages
0
url pkg:gem/actionpack@3.2.21
purl pkg:gem/actionpack@3.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-ct3m-wed2-6bhq
10
vulnerability VCID-dz1r-ae9g-57en
11
vulnerability VCID-f22x-hsz9-kfau
12
vulnerability VCID-fm16-z8wy-6fgz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-j585-zz5s-nqd5
16
vulnerability VCID-jnrw-sue5-zqex
17
vulnerability VCID-kyj5-b8wz-pkgj
18
vulnerability VCID-m8rg-xa7x-6yan
19
vulnerability VCID-mrwn-mkcp-j7dv
20
vulnerability VCID-n2ap-zgrd-skhf
21
vulnerability VCID-r7ur-pzac-7bbk
22
vulnerability VCID-sd3k-af7j-h7h4
23
vulnerability VCID-semx-3823-f7f6
24
vulnerability VCID-sevc-c95q-tyg8
25
vulnerability VCID-tc9x-h24m-9ufe
26
vulnerability VCID-vm51-p4w4-n3du
27
vulnerability VCID-wyvv-ks5y-fkex
28
vulnerability VCID-x6wm-6c84-2qdw
29
vulnerability VCID-xhqj-617q-f7fb
30
vulnerability VCID-yp5x-mgfj-xbbf
31
vulnerability VCID-ypmv-73g2-gfex
32
vulnerability VCID-yrjj-cken-6qff
33
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21
1
url pkg:gem/actionpack@4.0.11.1
purl pkg:gem/actionpack@4.0.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-ct3m-wed2-6bhq
10
vulnerability VCID-dz1r-ae9g-57en
11
vulnerability VCID-f22x-hsz9-kfau
12
vulnerability VCID-fm16-z8wy-6fgz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-j585-zz5s-nqd5
16
vulnerability VCID-jnrw-sue5-zqex
17
vulnerability VCID-kyj5-b8wz-pkgj
18
vulnerability VCID-m8rg-xa7x-6yan
19
vulnerability VCID-mrwn-mkcp-j7dv
20
vulnerability VCID-n2ap-zgrd-skhf
21
vulnerability VCID-pssv-24tn-kkc5
22
vulnerability VCID-r7ur-pzac-7bbk
23
vulnerability VCID-sd3k-af7j-h7h4
24
vulnerability VCID-semx-3823-f7f6
25
vulnerability VCID-sevc-c95q-tyg8
26
vulnerability VCID-tc9x-h24m-9ufe
27
vulnerability VCID-wyvv-ks5y-fkex
28
vulnerability VCID-x6wm-6c84-2qdw
29
vulnerability VCID-xhqj-617q-f7fb
30
vulnerability VCID-yp5x-mgfj-xbbf
31
vulnerability VCID-ypmv-73g2-gfex
32
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1
2
url pkg:gem/actionpack@4.0.12
purl pkg:gem/actionpack@4.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-ct3m-wed2-6bhq
10
vulnerability VCID-dz1r-ae9g-57en
11
vulnerability VCID-f22x-hsz9-kfau
12
vulnerability VCID-fm16-z8wy-6fgz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-j585-zz5s-nqd5
16
vulnerability VCID-jnrw-sue5-zqex
17
vulnerability VCID-kyj5-b8wz-pkgj
18
vulnerability VCID-m8rg-xa7x-6yan
19
vulnerability VCID-mrwn-mkcp-j7dv
20
vulnerability VCID-n2ap-zgrd-skhf
21
vulnerability VCID-pssv-24tn-kkc5
22
vulnerability VCID-r7ur-pzac-7bbk
23
vulnerability VCID-sd3k-af7j-h7h4
24
vulnerability VCID-semx-3823-f7f6
25
vulnerability VCID-sevc-c95q-tyg8
26
vulnerability VCID-t1ep-g6cz-7kgr
27
vulnerability VCID-tc9x-h24m-9ufe
28
vulnerability VCID-wyvv-ks5y-fkex
29
vulnerability VCID-x6wm-6c84-2qdw
30
vulnerability VCID-xhqj-617q-f7fb
31
vulnerability VCID-yp5x-mgfj-xbbf
32
vulnerability VCID-ypmv-73g2-gfex
33
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12
3
url pkg:gem/actionpack@4.1.0.beta1
purl pkg:gem/actionpack@4.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-fm16-z8wy-6fgz
15
vulnerability VCID-fnkq-8eys-gygm
16
vulnerability VCID-hud5-xxhh-u3ex
17
vulnerability VCID-j585-zz5s-nqd5
18
vulnerability VCID-jnrw-sue5-zqex
19
vulnerability VCID-kyj5-b8wz-pkgj
20
vulnerability VCID-m8rg-xa7x-6yan
21
vulnerability VCID-mrwn-mkcp-j7dv
22
vulnerability VCID-n2ap-zgrd-skhf
23
vulnerability VCID-pssv-24tn-kkc5
24
vulnerability VCID-r7ur-pzac-7bbk
25
vulnerability VCID-sd3k-af7j-h7h4
26
vulnerability VCID-semx-3823-f7f6
27
vulnerability VCID-sevc-c95q-tyg8
28
vulnerability VCID-t1ep-g6cz-7kgr
29
vulnerability VCID-tc9x-h24m-9ufe
30
vulnerability VCID-wyvv-ks5y-fkex
31
vulnerability VCID-x6wm-6c84-2qdw
32
vulnerability VCID-xhqj-617q-f7fb
33
vulnerability VCID-yp5x-mgfj-xbbf
34
vulnerability VCID-ypmv-73g2-gfex
35
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1
4
url pkg:gem/actionpack@4.1.7.1
purl pkg:gem/actionpack@4.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-ct3m-wed2-6bhq
10
vulnerability VCID-dz1r-ae9g-57en
11
vulnerability VCID-f22x-hsz9-kfau
12
vulnerability VCID-fm16-z8wy-6fgz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-j585-zz5s-nqd5
16
vulnerability VCID-jnrw-sue5-zqex
17
vulnerability VCID-kyj5-b8wz-pkgj
18
vulnerability VCID-m8rg-xa7x-6yan
19
vulnerability VCID-mrwn-mkcp-j7dv
20
vulnerability VCID-n2ap-zgrd-skhf
21
vulnerability VCID-pssv-24tn-kkc5
22
vulnerability VCID-r7ur-pzac-7bbk
23
vulnerability VCID-sd3k-af7j-h7h4
24
vulnerability VCID-semx-3823-f7f6
25
vulnerability VCID-sevc-c95q-tyg8
26
vulnerability VCID-tc9x-h24m-9ufe
27
vulnerability VCID-wyvv-ks5y-fkex
28
vulnerability VCID-x6wm-6c84-2qdw
29
vulnerability VCID-xhqj-617q-f7fb
30
vulnerability VCID-yp5x-mgfj-xbbf
31
vulnerability VCID-ypmv-73g2-gfex
32
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1
5
url pkg:gem/actionpack@4.1.8
purl pkg:gem/actionpack@4.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-ct3m-wed2-6bhq
10
vulnerability VCID-dz1r-ae9g-57en
11
vulnerability VCID-f22x-hsz9-kfau
12
vulnerability VCID-fm16-z8wy-6fgz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-j585-zz5s-nqd5
16
vulnerability VCID-jnrw-sue5-zqex
17
vulnerability VCID-kyj5-b8wz-pkgj
18
vulnerability VCID-m8rg-xa7x-6yan
19
vulnerability VCID-mrwn-mkcp-j7dv
20
vulnerability VCID-n2ap-zgrd-skhf
21
vulnerability VCID-pssv-24tn-kkc5
22
vulnerability VCID-r7ur-pzac-7bbk
23
vulnerability VCID-sd3k-af7j-h7h4
24
vulnerability VCID-semx-3823-f7f6
25
vulnerability VCID-sevc-c95q-tyg8
26
vulnerability VCID-t1ep-g6cz-7kgr
27
vulnerability VCID-tc9x-h24m-9ufe
28
vulnerability VCID-wyvv-ks5y-fkex
29
vulnerability VCID-x6wm-6c84-2qdw
30
vulnerability VCID-xhqj-617q-f7fb
31
vulnerability VCID-yp5x-mgfj-xbbf
32
vulnerability VCID-ypmv-73g2-gfex
33
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8
6
url pkg:gem/actionpack@4.2.0.beta1
purl pkg:gem/actionpack@4.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-31rm-1rpc-g3dq
3
vulnerability VCID-4jjq-jkgc-mkca
4
vulnerability VCID-6cjf-b88j-n3bw
5
vulnerability VCID-6jdd-kze9-myfz
6
vulnerability VCID-7yhn-w7nv-xqf7
7
vulnerability VCID-9w4d-2z52-wyaf
8
vulnerability VCID-apra-79g2-wkfn
9
vulnerability VCID-b5zn-u8pu-zya6
10
vulnerability VCID-dz1r-ae9g-57en
11
vulnerability VCID-f22x-hsz9-kfau
12
vulnerability VCID-fm16-z8wy-6fgz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-j585-zz5s-nqd5
16
vulnerability VCID-jnrw-sue5-zqex
17
vulnerability VCID-kyj5-b8wz-pkgj
18
vulnerability VCID-m8rg-xa7x-6yan
19
vulnerability VCID-mrwn-mkcp-j7dv
20
vulnerability VCID-n2ap-zgrd-skhf
21
vulnerability VCID-pssv-24tn-kkc5
22
vulnerability VCID-r7ur-pzac-7bbk
23
vulnerability VCID-sd3k-af7j-h7h4
24
vulnerability VCID-semx-3823-f7f6
25
vulnerability VCID-sevc-c95q-tyg8
26
vulnerability VCID-t1ep-g6cz-7kgr
27
vulnerability VCID-tc9x-h24m-9ufe
28
vulnerability VCID-wyvv-ks5y-fkex
29
vulnerability VCID-x6wm-6c84-2qdw
30
vulnerability VCID-xhqj-617q-f7fb
31
vulnerability VCID-yp5x-mgfj-xbbf
32
vulnerability VCID-ypmv-73g2-gfex
33
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1
7
url pkg:gem/actionpack@4.2.0.beta4
purl pkg:gem/actionpack@4.2.0.beta4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fnkq-8eys-gygm
13
vulnerability VCID-hud5-xxhh-u3ex
14
vulnerability VCID-j585-zz5s-nqd5
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-pssv-24tn-kkc5
21
vulnerability VCID-r7ur-pzac-7bbk
22
vulnerability VCID-sd3k-af7j-h7h4
23
vulnerability VCID-semx-3823-f7f6
24
vulnerability VCID-sevc-c95q-tyg8
25
vulnerability VCID-t1ep-g6cz-7kgr
26
vulnerability VCID-tc9x-h24m-9ufe
27
vulnerability VCID-wyvv-ks5y-fkex
28
vulnerability VCID-x6wm-6c84-2qdw
29
vulnerability VCID-xhqj-617q-f7fb
30
vulnerability VCID-yp5x-mgfj-xbbf
31
vulnerability VCID-ypmv-73g2-gfex
32
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4
aliases CVE-2014-7829, GHSA-h56m-vwxc-3qpw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ep-g6cz-7kgr
36
url VCID-tc9x-h24m-9ufe
vulnerability_id VCID-tc9x-h24m-9ufe
summary
Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translation strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
1
reference_url http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
2
reference_url http://openwall.com/lists/oss-security/2011/11/18/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/11/18/8
3
reference_url http://osvdb.org/77199
reference_id
reference_type
scores
url http://osvdb.org/77199
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4319
reference_id
reference_type
scores
0
value 0.00607
scoring_system epss
scoring_elements 0.70023
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4319
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
9
reference_url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
10
reference_url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
13
reference_url https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
14
reference_url https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
15
reference_url http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
16
reference_url http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
17
reference_url http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/50722
18
reference_url http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1026342
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=755004
reference_id 755004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=755004
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4319
reference_id CVE-2011-4319
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4319
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
reference_id CVE-2011-4319.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
22
reference_url https://github.com/advisories/GHSA-xxr8-833v-c7wc
reference_id GHSA-xxr8-833v-c7wc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxr8-833v-c7wc
fixed_packages
0
url pkg:gem/actionpack@3.1.2
purl pkg:gem/actionpack@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hpu4-xbs2-fugs
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
48
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2
aliases CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9x-h24m-9ufe
37
url VCID-vaa4-b9ph-b7cm
vulnerability_id VCID-vaa4-b9ph-b7cm
summary
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4491
reference_id
reference_type
scores
0
value 0.00713
scoring_system epss
scoring_elements 0.72633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4491
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
10
reference_url http://seclists.org/oss-sec/2013/q4/401
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/401
11
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
12
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
13
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
14
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036922
reference_id 1036922
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036922
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4491
reference_id CVE-2013-4491
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4491
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml
reference_id CVE-2013-4491.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml
18
reference_url https://github.com/advisories/GHSA-699m-mcjm-9cw8
reference_id GHSA-699m-mcjm-9cw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-699m-mcjm-9cw8
19
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
20
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
fixed_packages
0
url pkg:gem/actionpack@3.2.16
purl pkg:gem/actionpack@3.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-f8s8-epzh-3bhw
15
vulnerability VCID-fm16-z8wy-6fgz
16
vulnerability VCID-fnkq-8eys-gygm
17
vulnerability VCID-hud5-xxhh-u3ex
18
vulnerability VCID-j52w-azvw-1ycn
19
vulnerability VCID-j585-zz5s-nqd5
20
vulnerability VCID-jnrw-sue5-zqex
21
vulnerability VCID-kyj5-b8wz-pkgj
22
vulnerability VCID-m8rg-xa7x-6yan
23
vulnerability VCID-mrwn-mkcp-j7dv
24
vulnerability VCID-n2ap-zgrd-skhf
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-vm51-p4w4-n3du
32
vulnerability VCID-wyvv-ks5y-fkex
33
vulnerability VCID-x6wm-6c84-2qdw
34
vulnerability VCID-xhqj-617q-f7fb
35
vulnerability VCID-yp5x-mgfj-xbbf
36
vulnerability VCID-ypmv-73g2-gfex
37
vulnerability VCID-yrjj-cken-6qff
38
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16
1
url pkg:gem/actionpack@4.0.2
purl pkg:gem/actionpack@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-1bxj-7h5q-jbdz
2
vulnerability VCID-26je-urbt-8kee
3
vulnerability VCID-31rm-1rpc-g3dq
4
vulnerability VCID-4jjq-jkgc-mkca
5
vulnerability VCID-6cjf-b88j-n3bw
6
vulnerability VCID-6jdd-kze9-myfz
7
vulnerability VCID-7yhn-w7nv-xqf7
8
vulnerability VCID-9w4d-2z52-wyaf
9
vulnerability VCID-apra-79g2-wkfn
10
vulnerability VCID-b5zn-u8pu-zya6
11
vulnerability VCID-ct3m-wed2-6bhq
12
vulnerability VCID-dz1r-ae9g-57en
13
vulnerability VCID-f22x-hsz9-kfau
14
vulnerability VCID-fm16-z8wy-6fgz
15
vulnerability VCID-fnkq-8eys-gygm
16
vulnerability VCID-hud5-xxhh-u3ex
17
vulnerability VCID-j52w-azvw-1ycn
18
vulnerability VCID-j585-zz5s-nqd5
19
vulnerability VCID-jnrw-sue5-zqex
20
vulnerability VCID-kyj5-b8wz-pkgj
21
vulnerability VCID-m8rg-xa7x-6yan
22
vulnerability VCID-mrwn-mkcp-j7dv
23
vulnerability VCID-n2ap-zgrd-skhf
24
vulnerability VCID-pssv-24tn-kkc5
25
vulnerability VCID-r7ur-pzac-7bbk
26
vulnerability VCID-sd3k-af7j-h7h4
27
vulnerability VCID-semx-3823-f7f6
28
vulnerability VCID-sevc-c95q-tyg8
29
vulnerability VCID-t1ep-g6cz-7kgr
30
vulnerability VCID-tc9x-h24m-9ufe
31
vulnerability VCID-wyvv-ks5y-fkex
32
vulnerability VCID-x6wm-6c84-2qdw
33
vulnerability VCID-xhqj-617q-f7fb
34
vulnerability VCID-yp5x-mgfj-xbbf
35
vulnerability VCID-ypmv-73g2-gfex
36
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2
aliases CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vaa4-b9ph-b7cm
38
url VCID-wyvv-ks5y-fkex
vulnerability_id VCID-wyvv-ks5y-fkex
summary
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0296.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0751
reference_id
reference_type
scores
0
value 0.08895
scoring_system epss
scoring_elements 0.92693
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0751
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
18
reference_url https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
19
reference_url https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
20
reference_url https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
21
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
22
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
23
reference_url https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
24
reference_url https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
25
reference_url http://www.debian.org/security/2016/dsa-3464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3464
26
reference_url http://www.openwall.com/lists/oss-security/2016/01/25/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/25/9
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301946
reference_id 1301946
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301946
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
reference_id CVE-2016-0751
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0751
29
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
reference_id CVE-2016-0751.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
30
reference_url https://github.com/advisories/GHSA-ffpv-c4hm-3x6v
reference_id GHSA-ffpv-c4hm-3x6v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffpv-c4hm-3x6v
31
reference_url https://access.redhat.com/errata/RHSA-2016:0296
reference_id RHSA-2016:0296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0296
32
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
33
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
fixed_packages
0
url pkg:gem/actionpack@3.2.22.1
purl pkg:gem/actionpack@3.2.22.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-vm51-p4w4-n3du
26
vulnerability VCID-x6wm-6c84-2qdw
27
vulnerability VCID-xhqj-617q-f7fb
28
vulnerability VCID-yp5x-mgfj-xbbf
29
vulnerability VCID-ypmv-73g2-gfex
30
vulnerability VCID-yrjj-cken-6qff
31
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1
1
url pkg:gem/actionpack@4.1.14.1
purl pkg:gem/actionpack@4.1.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-vm51-p4w4-n3du
26
vulnerability VCID-x6wm-6c84-2qdw
27
vulnerability VCID-xhqj-617q-f7fb
28
vulnerability VCID-yp5x-mgfj-xbbf
29
vulnerability VCID-ypmv-73g2-gfex
30
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1
2
url pkg:gem/actionpack@4.2.5.1
purl pkg:gem/actionpack@4.2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-apra-79g2-wkfn
8
vulnerability VCID-b5zn-u8pu-zya6
9
vulnerability VCID-dz1r-ae9g-57en
10
vulnerability VCID-f22x-hsz9-kfau
11
vulnerability VCID-fm16-z8wy-6fgz
12
vulnerability VCID-fn9u-w13j-43dz
13
vulnerability VCID-fnkq-8eys-gygm
14
vulnerability VCID-hud5-xxhh-u3ex
15
vulnerability VCID-jnrw-sue5-zqex
16
vulnerability VCID-kyj5-b8wz-pkgj
17
vulnerability VCID-m8rg-xa7x-6yan
18
vulnerability VCID-mrwn-mkcp-j7dv
19
vulnerability VCID-n2ap-zgrd-skhf
20
vulnerability VCID-r7ur-pzac-7bbk
21
vulnerability VCID-sd3k-af7j-h7h4
22
vulnerability VCID-semx-3823-f7f6
23
vulnerability VCID-sevc-c95q-tyg8
24
vulnerability VCID-tc9x-h24m-9ufe
25
vulnerability VCID-x6wm-6c84-2qdw
26
vulnerability VCID-xhqj-617q-f7fb
27
vulnerability VCID-yp5x-mgfj-xbbf
28
vulnerability VCID-ypmv-73g2-gfex
29
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1
3
url pkg:gem/actionpack@5.0.0.beta1.1
purl pkg:gem/actionpack@5.0.0.beta1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-b5zn-u8pu-zya6
8
vulnerability VCID-dz1r-ae9g-57en
9
vulnerability VCID-f22x-hsz9-kfau
10
vulnerability VCID-fm16-z8wy-6fgz
11
vulnerability VCID-fnkq-8eys-gygm
12
vulnerability VCID-hud5-xxhh-u3ex
13
vulnerability VCID-jnrw-sue5-zqex
14
vulnerability VCID-kyj5-b8wz-pkgj
15
vulnerability VCID-m8rg-xa7x-6yan
16
vulnerability VCID-mrwn-mkcp-j7dv
17
vulnerability VCID-n2ap-zgrd-skhf
18
vulnerability VCID-r7ur-pzac-7bbk
19
vulnerability VCID-sd3k-af7j-h7h4
20
vulnerability VCID-semx-3823-f7f6
21
vulnerability VCID-sevc-c95q-tyg8
22
vulnerability VCID-tc9x-h24m-9ufe
23
vulnerability VCID-x6wm-6c84-2qdw
24
vulnerability VCID-xhqj-617q-f7fb
25
vulnerability VCID-yp5x-mgfj-xbbf
26
vulnerability VCID-ypmv-73g2-gfex
27
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1
aliases CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyvv-ks5y-fkex
39
url VCID-x6wm-6c84-2qdw
vulnerability_id VCID-x6wm-6c84-2qdw
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27777
reference_id
reference_type
scores
0
value 0.01409
scoring_system epss
scoring_elements 0.80801
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27777
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
3
reference_url https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
7
reference_url https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
8
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
9
reference_url https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
10
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5372
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
reference_id 1016982
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2080296
reference_id 2080296
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2080296
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27777
reference_id CVE-2022-27777
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27777
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml
reference_id CVE-2022-27777.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml
15
reference_url https://github.com/advisories/GHSA-ch3h-j2vf-95pv
reference_id GHSA-ch3h-j2vf-95pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ch3h-j2vf-95pv
16
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:gem/actionpack@5.2.7.1
purl pkg:gem/actionpack@5.2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.7.1
1
url pkg:gem/actionpack@6.0.4.8
purl pkg:gem/actionpack@6.0.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.8
2
url pkg:gem/actionpack@6.1.5.1
purl pkg:gem/actionpack@6.1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.5.1
3
url pkg:gem/actionpack@7.0.2.4
purl pkg:gem/actionpack@7.0.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-kt8w-wxpx-vyf9
5
vulnerability VCID-n2ap-zgrd-skhf
6
vulnerability VCID-semx-3823-f7f6
7
vulnerability VCID-xhqj-617q-f7fb
8
vulnerability VCID-yp5x-mgfj-xbbf
9
vulnerability VCID-ypmv-73g2-gfex
10
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.4
aliases CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6wm-6c84-2qdw
40
url VCID-xhqj-617q-f7fb
vulnerability_id VCID-xhqj-617q-f7fb
summary
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines
of Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2024-26142.

Versions Affected:  >= 7.1.0, < 7.1.3.1
Not affected:       < 7.1.0
Fixed Versions:     7.1.3.1

Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action
Dispatch to take an unexpected amount of time, possibly resulting in a DoS
vulnerability.  All users running an affected release should either upgrade or
use one of the workarounds immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby
3.2 or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 7-1-accept-redox.patch - Patch for 7.1 series

Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26142
reference_id
reference_type
scores
0
value 0.03542
scoring_system epss
scoring_elements 0.87878
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26142
2
reference_url https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266324
reference_id 2266324
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266324
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26142
reference_id CVE-2024-26142
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26142
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
reference_id CVE-2024-26142.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
9
reference_url https://github.com/advisories/GHSA-jjhx-jhvp-74wq
reference_id GHSA-jjhx-jhvp-74wq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjhx-jhvp-74wq
10
reference_url https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
reference_id GHSA-jjhx-jhvp-74wq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
11
reference_url https://security.netapp.com/advisory/ntap-20240503-0003/
reference_id ntap-20240503-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://security.netapp.com/advisory/ntap-20240503-0003/
fixed_packages
0
url pkg:gem/actionpack@7.1.3.1
purl pkg:gem/actionpack@7.1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-fnkq-8eys-gygm
3
vulnerability VCID-ypmv-73g2-gfex
4
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1
aliases CVE-2024-26142, GHSA-jjhx-jhvp-74wq
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhqj-617q-f7fb
41
url VCID-yp5x-mgfj-xbbf
vulnerability_id VCID-yp5x-mgfj-xbbf
summary
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
reference_id
reference_type
scores
0
value 0.02326
scoring_system epss
scoring_elements 0.85083
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22792
2
reference_url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml
7
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
8
reference_url https://security.netapp.com/advisory/ntap-20240202-0007
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0007
9
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://www.debian.org/security/2023/dsa-5372
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id 2164800
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164800
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
reference_id CVE-2023-22792
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22792
13
reference_url https://github.com/advisories/GHSA-p84v-45xj-wwqj
reference_id GHSA-p84v-45xj-wwqj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p84v-45xj-wwqj
14
reference_url https://security.netapp.com/advisory/ntap-20240202-0007/
reference_id ntap-20240202-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/
url https://security.netapp.com/advisory/ntap-20240202-0007/
15
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/actionpack@5.2.8
purl pkg:gem/actionpack@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8
1
url pkg:gem/actionpack@5.2.8.15
purl pkg:gem/actionpack@5.2.8.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8.15
2
url pkg:gem/actionpack@6.1.7.1
purl pkg:gem/actionpack@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1
3
url pkg:gem/actionpack@7.0.4.1
purl pkg:gem/actionpack@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-semx-3823-f7f6
6
vulnerability VCID-xhqj-617q-f7fb
7
vulnerability VCID-yp5x-mgfj-xbbf
8
vulnerability VCID-ypmv-73g2-gfex
9
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1
aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp5x-mgfj-xbbf
42
url VCID-ypmv-73g2-gfex
vulnerability_id VCID-ypmv-73g2-gfex
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47887
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56357
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319034
reference_id 2319034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319034
7
reference_url https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
reference_id 56b2fc3302836405b496e196a8d5fc0195e55049
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
8
reference_url https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
reference_id 7c1398854d51f9bb193fb79f226647351133d08a
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
9
reference_url https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
reference_id 8e057db25bff1dc7a98e9ae72e0083825b9ac545
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47887
reference_id CVE-2024-47887
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47887
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
reference_id CVE-2024-47887.YML
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
12
reference_url https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
reference_id f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
13
reference_url https://github.com/advisories/GHSA-vfg9-r3fq-jvx4
reference_id GHSA-vfg9-r3fq-jvx4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfg9-r3fq-jvx4
14
reference_url https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
reference_id GHSA-vfg9-r3fq-jvx4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:gem/actionpack@6.1.7.9
purl pkg:gem/actionpack@6.1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9
1
url pkg:gem/actionpack@7.0.0.alpha1
purl pkg:gem/actionpack@7.0.0.alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-n2ap-zgrd-skhf
5
vulnerability VCID-xhqj-617q-f7fb
6
vulnerability VCID-yp5x-mgfj-xbbf
7
vulnerability VCID-ypmv-73g2-gfex
8
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.alpha1
2
url pkg:gem/actionpack@7.0.8.5
purl pkg:gem/actionpack@7.0.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5
3
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-xhqj-617q-f7fb
5
vulnerability VCID-ypmv-73g2-gfex
6
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
4
url pkg:gem/actionpack@7.1.4.1
purl pkg:gem/actionpack@7.1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1
5
url pkg:gem/actionpack@7.2.0.beta1
purl pkg:gem/actionpack@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-fnkq-8eys-gygm
3
vulnerability VCID-ypmv-73g2-gfex
4
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1
6
url pkg:gem/actionpack@7.2.1.1
purl pkg:gem/actionpack@7.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1
7
url pkg:gem/actionpack@8.0.0.beta1
purl pkg:gem/actionpack@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1
aliases CVE-2024-47887, GHSA-vfg9-r3fq-jvx4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypmv-73g2-gfex
43
url VCID-yrjj-cken-6qff
vulnerability_id VCID-yrjj-cken-6qff
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54133
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40654
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54133
2
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
3
reference_url https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49
4
reference_url https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a
5
reference_url https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542
6
reference_url https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d
7
reference_url https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54133
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54133
10
reference_url https://security.netapp.com/advisory/ntap-20250306-0010
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250306-0010
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
reference_id 1089755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331619
reference_id 2331619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331619
13
reference_url https://github.com/advisories/GHSA-vfm5-rmrh-j26v
reference_id GHSA-vfm5-rmrh-j26v
reference_type
scores
url https://github.com/advisories/GHSA-vfm5-rmrh-j26v
fixed_packages
0
url pkg:gem/actionpack@7.0.8.7
purl pkg:gem/actionpack@7.0.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.7
1
url pkg:gem/actionpack@7.1.0.beta1
purl pkg:gem/actionpack@7.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jjq-jkgc-mkca
1
vulnerability VCID-9w4d-2z52-wyaf
2
vulnerability VCID-f22x-hsz9-kfau
3
vulnerability VCID-fnkq-8eys-gygm
4
vulnerability VCID-xhqj-617q-f7fb
5
vulnerability VCID-ypmv-73g2-gfex
6
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.0.beta1
2
url pkg:gem/actionpack@7.1.5.1
purl pkg:gem/actionpack@7.1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1
3
url pkg:gem/actionpack@7.2.0.beta1
purl pkg:gem/actionpack@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-fnkq-8eys-gygm
3
vulnerability VCID-ypmv-73g2-gfex
4
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta1
4
url pkg:gem/actionpack@7.2.2.1
purl pkg:gem/actionpack@7.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1
5
url pkg:gem/actionpack@8.0.0.beta1
purl pkg:gem/actionpack@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
1
vulnerability VCID-f22x-hsz9-kfau
2
vulnerability VCID-ypmv-73g2-gfex
3
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1
6
url pkg:gem/actionpack@8.0.0.1
purl pkg:gem/actionpack@8.0.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w4d-2z52-wyaf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1
aliases CVE-2024-54133, GHSA-vfm5-rmrh-j26v
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjj-cken-6qff
44
url VCID-zm15-yzy1-xuhv
vulnerability_id VCID-zm15-yzy1-xuhv
summary
Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-1855.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1855.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1856.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1856.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1857.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1857.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1858.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1858.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6316
reference_id
reference_type
scores
0
value 0.01626
scoring_system epss
scoring_elements 0.82175
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6316
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
9
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE
10
reference_url https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430
11
reference_url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released
12
reference_url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
13
reference_url http://www.debian.org/security/2016/dsa-3651
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3651
14
reference_url http://www.openwall.com/lists/oss-security/2016/08/11/3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/08/11/3
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1365008
reference_id 1365008
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1365008
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
reference_id 834155
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6316
reference_id CVE-2016-6316
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6316
18
reference_url https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316
reference_id CVE-2016-6316
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml
reference_id CVE-2016-6316.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml
20
reference_url https://github.com/advisories/GHSA-pc3m-v286-2jwj
reference_id GHSA-pc3m-v286-2jwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pc3m-v286-2jwj
21
reference_url https://access.redhat.com/errata/RHSA-2016:1855
reference_id RHSA-2016:1855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1855
22
reference_url https://access.redhat.com/errata/RHSA-2016:1856
reference_id RHSA-2016:1856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1856
23
reference_url https://access.redhat.com/errata/RHSA-2016:1857
reference_id RHSA-2016:1857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1857
24
reference_url https://access.redhat.com/errata/RHSA-2016:1858
reference_id RHSA-2016:1858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1858
fixed_packages
0
url pkg:gem/actionpack@3.2.22.3
purl pkg:gem/actionpack@3.2.22.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bxj-7h5q-jbdz
1
vulnerability VCID-31rm-1rpc-g3dq
2
vulnerability VCID-4jjq-jkgc-mkca
3
vulnerability VCID-6cjf-b88j-n3bw
4
vulnerability VCID-6jdd-kze9-myfz
5
vulnerability VCID-7yhn-w7nv-xqf7
6
vulnerability VCID-9w4d-2z52-wyaf
7
vulnerability VCID-b5zn-u8pu-zya6
8
vulnerability VCID-dz1r-ae9g-57en
9
vulnerability VCID-f22x-hsz9-kfau
10
vulnerability VCID-fm16-z8wy-6fgz
11
vulnerability VCID-fnkq-8eys-gygm
12
vulnerability VCID-hud5-xxhh-u3ex
13
vulnerability VCID-jnrw-sue5-zqex
14
vulnerability VCID-kyj5-b8wz-pkgj
15
vulnerability VCID-m8rg-xa7x-6yan
16
vulnerability VCID-mrwn-mkcp-j7dv
17
vulnerability VCID-n2ap-zgrd-skhf
18
vulnerability VCID-r7ur-pzac-7bbk
19
vulnerability VCID-sd3k-af7j-h7h4
20
vulnerability VCID-semx-3823-f7f6
21
vulnerability VCID-sevc-c95q-tyg8
22
vulnerability VCID-tc9x-h24m-9ufe
23
vulnerability VCID-x6wm-6c84-2qdw
24
vulnerability VCID-xhqj-617q-f7fb
25
vulnerability VCID-yp5x-mgfj-xbbf
26
vulnerability VCID-ypmv-73g2-gfex
27
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3
aliases CVE-2016-6316, GHSA-pc3m-v286-2jwj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm15-yzy1-xuhv
Fixing_vulnerabilities
0
url VCID-ahgm-vw45-33a2
vulnerability_id VCID-ahgm-vw45-33a2
summary
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56344
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
3
reference_url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
4
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
7
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id 847196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847196
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
reference_id CVE-2012-3463
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
11
reference_url https://github.com/advisories/GHSA-98mf-8f57-64qf
reference_id GHSA-98mf-8f57-64qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98mf-8f57-64qf
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@2.3.2
purl pkg:gem/actionpack@2.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-fyxy-39kr-afde
22
vulnerability VCID-ghfd-u91m-dbdz
23
vulnerability VCID-gqg3-gs2h-zugf
24
vulnerability VCID-hpu4-xbs2-fugs
25
vulnerability VCID-hud5-xxhh-u3ex
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.2
1
url pkg:gem/actionpack@3.0.17
purl pkg:gem/actionpack@3.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-wyvv-ks5y-fkex
39
vulnerability VCID-x6wm-6c84-2qdw
40
vulnerability VCID-xhqj-617q-f7fb
41
vulnerability VCID-yp5x-mgfj-xbbf
42
vulnerability VCID-ypmv-73g2-gfex
43
vulnerability VCID-yrjj-cken-6qff
44
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17
2
url pkg:gem/actionpack@3.1.0.beta1
purl pkg:gem/actionpack@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hpu4-xbs2-fugs
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
48
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1
3
url pkg:gem/actionpack@3.1.8
purl pkg:gem/actionpack@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-wyvv-ks5y-fkex
39
vulnerability VCID-x6wm-6c84-2qdw
40
vulnerability VCID-xhqj-617q-f7fb
41
vulnerability VCID-yp5x-mgfj-xbbf
42
vulnerability VCID-ypmv-73g2-gfex
43
vulnerability VCID-yrjj-cken-6qff
44
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8
4
url pkg:gem/actionpack@3.2.0.rc1
purl pkg:gem/actionpack@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-auvj-pgpu-mybv
14
vulnerability VCID-b5zn-u8pu-zya6
15
vulnerability VCID-ct3m-wed2-6bhq
16
vulnerability VCID-de5p-39kn-pkd3
17
vulnerability VCID-dz1r-ae9g-57en
18
vulnerability VCID-f22x-hsz9-kfau
19
vulnerability VCID-f8s8-epzh-3bhw
20
vulnerability VCID-fm16-z8wy-6fgz
21
vulnerability VCID-fnkq-8eys-gygm
22
vulnerability VCID-ghfd-u91m-dbdz
23
vulnerability VCID-gqg3-gs2h-zugf
24
vulnerability VCID-hpu4-xbs2-fugs
25
vulnerability VCID-hud5-xxhh-u3ex
26
vulnerability VCID-j52w-azvw-1ycn
27
vulnerability VCID-j585-zz5s-nqd5
28
vulnerability VCID-jnrw-sue5-zqex
29
vulnerability VCID-kyj5-b8wz-pkgj
30
vulnerability VCID-m8rg-xa7x-6yan
31
vulnerability VCID-mrwn-mkcp-j7dv
32
vulnerability VCID-n2ap-zgrd-skhf
33
vulnerability VCID-pzs8-zstn-hbf2
34
vulnerability VCID-r7ur-pzac-7bbk
35
vulnerability VCID-sd3k-af7j-h7h4
36
vulnerability VCID-semx-3823-f7f6
37
vulnerability VCID-sevc-c95q-tyg8
38
vulnerability VCID-sfnx-agxs-9yc9
39
vulnerability VCID-swv6-gyb1-y7bs
40
vulnerability VCID-t1ep-g6cz-7kgr
41
vulnerability VCID-tc9x-h24m-9ufe
42
vulnerability VCID-vaa4-b9ph-b7cm
43
vulnerability VCID-vm51-p4w4-n3du
44
vulnerability VCID-wyvv-ks5y-fkex
45
vulnerability VCID-x6wm-6c84-2qdw
46
vulnerability VCID-xhqj-617q-f7fb
47
vulnerability VCID-yp5x-mgfj-xbbf
48
vulnerability VCID-ypmv-73g2-gfex
49
vulnerability VCID-yrjj-cken-6qff
50
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1
5
url pkg:gem/actionpack@3.2.8
purl pkg:gem/actionpack@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-apra-79g2-wkfn
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-dz1r-ae9g-57en
16
vulnerability VCID-f22x-hsz9-kfau
17
vulnerability VCID-f8s8-epzh-3bhw
18
vulnerability VCID-fm16-z8wy-6fgz
19
vulnerability VCID-fnkq-8eys-gygm
20
vulnerability VCID-ghfd-u91m-dbdz
21
vulnerability VCID-gqg3-gs2h-zugf
22
vulnerability VCID-hud5-xxhh-u3ex
23
vulnerability VCID-j52w-azvw-1ycn
24
vulnerability VCID-j585-zz5s-nqd5
25
vulnerability VCID-jnrw-sue5-zqex
26
vulnerability VCID-kyj5-b8wz-pkgj
27
vulnerability VCID-m8rg-xa7x-6yan
28
vulnerability VCID-mrwn-mkcp-j7dv
29
vulnerability VCID-n2ap-zgrd-skhf
30
vulnerability VCID-r7ur-pzac-7bbk
31
vulnerability VCID-sd3k-af7j-h7h4
32
vulnerability VCID-semx-3823-f7f6
33
vulnerability VCID-sevc-c95q-tyg8
34
vulnerability VCID-sfnx-agxs-9yc9
35
vulnerability VCID-swv6-gyb1-y7bs
36
vulnerability VCID-t1ep-g6cz-7kgr
37
vulnerability VCID-tc9x-h24m-9ufe
38
vulnerability VCID-vaa4-b9ph-b7cm
39
vulnerability VCID-vm51-p4w4-n3du
40
vulnerability VCID-wyvv-ks5y-fkex
41
vulnerability VCID-x6wm-6c84-2qdw
42
vulnerability VCID-xhqj-617q-f7fb
43
vulnerability VCID-yp5x-mgfj-xbbf
44
vulnerability VCID-ypmv-73g2-gfex
45
vulnerability VCID-yrjj-cken-6qff
46
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8
aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahgm-vw45-33a2
1
url VCID-de5p-39kn-pkd3
vulnerability_id VCID-de5p-39kn-pkd3
summary
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56344
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
5
reference_url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
7
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id 847200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847200
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
reference_id CVE-2012-3465
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
10
reference_url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
reference_id GHSA-7g65-ghrg-hpf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
11
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
12
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:gem/actionpack@2.3.16
purl pkg:gem/actionpack@2.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6cjf-b88j-n3bw
7
vulnerability VCID-6jdd-kze9-myfz
8
vulnerability VCID-7yhn-w7nv-xqf7
9
vulnerability VCID-9w4d-2z52-wyaf
10
vulnerability VCID-auvj-pgpu-mybv
11
vulnerability VCID-b5zn-u8pu-zya6
12
vulnerability VCID-ct3m-wed2-6bhq
13
vulnerability VCID-dz1r-ae9g-57en
14
vulnerability VCID-f22x-hsz9-kfau
15
vulnerability VCID-f8s8-epzh-3bhw
16
vulnerability VCID-fm16-z8wy-6fgz
17
vulnerability VCID-fnkq-8eys-gygm
18
vulnerability VCID-ghfd-u91m-dbdz
19
vulnerability VCID-gqg3-gs2h-zugf
20
vulnerability VCID-hud5-xxhh-u3ex
21
vulnerability VCID-j585-zz5s-nqd5
22
vulnerability VCID-jnrw-sue5-zqex
23
vulnerability VCID-kyj5-b8wz-pkgj
24
vulnerability VCID-m8rg-xa7x-6yan
25
vulnerability VCID-mrwn-mkcp-j7dv
26
vulnerability VCID-n2ap-zgrd-skhf
27
vulnerability VCID-r7ur-pzac-7bbk
28
vulnerability VCID-sd3k-af7j-h7h4
29
vulnerability VCID-semx-3823-f7f6
30
vulnerability VCID-sevc-c95q-tyg8
31
vulnerability VCID-sfnx-agxs-9yc9
32
vulnerability VCID-swv6-gyb1-y7bs
33
vulnerability VCID-t1ep-g6cz-7kgr
34
vulnerability VCID-tc9x-h24m-9ufe
35
vulnerability VCID-vaa4-b9ph-b7cm
36
vulnerability VCID-wyvv-ks5y-fkex
37
vulnerability VCID-x6wm-6c84-2qdw
38
vulnerability VCID-xhqj-617q-f7fb
39
vulnerability VCID-yp5x-mgfj-xbbf
40
vulnerability VCID-ypmv-73g2-gfex
41
vulnerability VCID-yrjj-cken-6qff
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16
1
url pkg:gem/actionpack@3.0.17
purl pkg:gem/actionpack@3.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-wyvv-ks5y-fkex
39
vulnerability VCID-x6wm-6c84-2qdw
40
vulnerability VCID-xhqj-617q-f7fb
41
vulnerability VCID-yp5x-mgfj-xbbf
42
vulnerability VCID-ypmv-73g2-gfex
43
vulnerability VCID-yrjj-cken-6qff
44
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17
2
url pkg:gem/actionpack@3.1.0.beta1
purl pkg:gem/actionpack@3.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-de5p-39kn-pkd3
16
vulnerability VCID-dz1r-ae9g-57en
17
vulnerability VCID-f22x-hsz9-kfau
18
vulnerability VCID-f8s8-epzh-3bhw
19
vulnerability VCID-fm16-z8wy-6fgz
20
vulnerability VCID-fnkq-8eys-gygm
21
vulnerability VCID-ghfd-u91m-dbdz
22
vulnerability VCID-gqg3-gs2h-zugf
23
vulnerability VCID-hpu4-xbs2-fugs
24
vulnerability VCID-hud5-xxhh-u3ex
25
vulnerability VCID-j52w-azvw-1ycn
26
vulnerability VCID-j585-zz5s-nqd5
27
vulnerability VCID-jnrw-sue5-zqex
28
vulnerability VCID-kyj5-b8wz-pkgj
29
vulnerability VCID-m8rg-xa7x-6yan
30
vulnerability VCID-mrwn-mkcp-j7dv
31
vulnerability VCID-n2ap-zgrd-skhf
32
vulnerability VCID-pzs8-zstn-hbf2
33
vulnerability VCID-r7ur-pzac-7bbk
34
vulnerability VCID-sd3k-af7j-h7h4
35
vulnerability VCID-semx-3823-f7f6
36
vulnerability VCID-sevc-c95q-tyg8
37
vulnerability VCID-sfnx-agxs-9yc9
38
vulnerability VCID-swv6-gyb1-y7bs
39
vulnerability VCID-t1ep-g6cz-7kgr
40
vulnerability VCID-tc9x-h24m-9ufe
41
vulnerability VCID-vaa4-b9ph-b7cm
42
vulnerability VCID-wyvv-ks5y-fkex
43
vulnerability VCID-x6wm-6c84-2qdw
44
vulnerability VCID-xhqj-617q-f7fb
45
vulnerability VCID-yp5x-mgfj-xbbf
46
vulnerability VCID-ypmv-73g2-gfex
47
vulnerability VCID-yrjj-cken-6qff
48
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1
3
url pkg:gem/actionpack@3.1.8
purl pkg:gem/actionpack@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-auvj-pgpu-mybv
12
vulnerability VCID-b5zn-u8pu-zya6
13
vulnerability VCID-ct3m-wed2-6bhq
14
vulnerability VCID-dz1r-ae9g-57en
15
vulnerability VCID-f22x-hsz9-kfau
16
vulnerability VCID-f8s8-epzh-3bhw
17
vulnerability VCID-fm16-z8wy-6fgz
18
vulnerability VCID-fnkq-8eys-gygm
19
vulnerability VCID-ghfd-u91m-dbdz
20
vulnerability VCID-gqg3-gs2h-zugf
21
vulnerability VCID-hud5-xxhh-u3ex
22
vulnerability VCID-j52w-azvw-1ycn
23
vulnerability VCID-j585-zz5s-nqd5
24
vulnerability VCID-jnrw-sue5-zqex
25
vulnerability VCID-kyj5-b8wz-pkgj
26
vulnerability VCID-m8rg-xa7x-6yan
27
vulnerability VCID-mrwn-mkcp-j7dv
28
vulnerability VCID-n2ap-zgrd-skhf
29
vulnerability VCID-r7ur-pzac-7bbk
30
vulnerability VCID-sd3k-af7j-h7h4
31
vulnerability VCID-semx-3823-f7f6
32
vulnerability VCID-sevc-c95q-tyg8
33
vulnerability VCID-sfnx-agxs-9yc9
34
vulnerability VCID-swv6-gyb1-y7bs
35
vulnerability VCID-t1ep-g6cz-7kgr
36
vulnerability VCID-tc9x-h24m-9ufe
37
vulnerability VCID-vaa4-b9ph-b7cm
38
vulnerability VCID-wyvv-ks5y-fkex
39
vulnerability VCID-x6wm-6c84-2qdw
40
vulnerability VCID-xhqj-617q-f7fb
41
vulnerability VCID-yp5x-mgfj-xbbf
42
vulnerability VCID-ypmv-73g2-gfex
43
vulnerability VCID-yrjj-cken-6qff
44
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8
4
url pkg:gem/actionpack@3.2.0.rc1
purl pkg:gem/actionpack@3.2.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-ahgm-vw45-33a2
12
vulnerability VCID-apra-79g2-wkfn
13
vulnerability VCID-auvj-pgpu-mybv
14
vulnerability VCID-b5zn-u8pu-zya6
15
vulnerability VCID-ct3m-wed2-6bhq
16
vulnerability VCID-de5p-39kn-pkd3
17
vulnerability VCID-dz1r-ae9g-57en
18
vulnerability VCID-f22x-hsz9-kfau
19
vulnerability VCID-f8s8-epzh-3bhw
20
vulnerability VCID-fm16-z8wy-6fgz
21
vulnerability VCID-fnkq-8eys-gygm
22
vulnerability VCID-ghfd-u91m-dbdz
23
vulnerability VCID-gqg3-gs2h-zugf
24
vulnerability VCID-hpu4-xbs2-fugs
25
vulnerability VCID-hud5-xxhh-u3ex
26
vulnerability VCID-j52w-azvw-1ycn
27
vulnerability VCID-j585-zz5s-nqd5
28
vulnerability VCID-jnrw-sue5-zqex
29
vulnerability VCID-kyj5-b8wz-pkgj
30
vulnerability VCID-m8rg-xa7x-6yan
31
vulnerability VCID-mrwn-mkcp-j7dv
32
vulnerability VCID-n2ap-zgrd-skhf
33
vulnerability VCID-pzs8-zstn-hbf2
34
vulnerability VCID-r7ur-pzac-7bbk
35
vulnerability VCID-sd3k-af7j-h7h4
36
vulnerability VCID-semx-3823-f7f6
37
vulnerability VCID-sevc-c95q-tyg8
38
vulnerability VCID-sfnx-agxs-9yc9
39
vulnerability VCID-swv6-gyb1-y7bs
40
vulnerability VCID-t1ep-g6cz-7kgr
41
vulnerability VCID-tc9x-h24m-9ufe
42
vulnerability VCID-vaa4-b9ph-b7cm
43
vulnerability VCID-vm51-p4w4-n3du
44
vulnerability VCID-wyvv-ks5y-fkex
45
vulnerability VCID-x6wm-6c84-2qdw
46
vulnerability VCID-xhqj-617q-f7fb
47
vulnerability VCID-yp5x-mgfj-xbbf
48
vulnerability VCID-ypmv-73g2-gfex
49
vulnerability VCID-yrjj-cken-6qff
50
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1
5
url pkg:gem/actionpack@3.2.8
purl pkg:gem/actionpack@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1161-4sdr-fkc3
1
vulnerability VCID-14eh-tn37-bfhu
2
vulnerability VCID-1bxj-7h5q-jbdz
3
vulnerability VCID-26je-urbt-8kee
4
vulnerability VCID-31rm-1rpc-g3dq
5
vulnerability VCID-4jjq-jkgc-mkca
6
vulnerability VCID-6as7-jkwa-53dk
7
vulnerability VCID-6cjf-b88j-n3bw
8
vulnerability VCID-6jdd-kze9-myfz
9
vulnerability VCID-7yhn-w7nv-xqf7
10
vulnerability VCID-9w4d-2z52-wyaf
11
vulnerability VCID-apra-79g2-wkfn
12
vulnerability VCID-auvj-pgpu-mybv
13
vulnerability VCID-b5zn-u8pu-zya6
14
vulnerability VCID-ct3m-wed2-6bhq
15
vulnerability VCID-dz1r-ae9g-57en
16
vulnerability VCID-f22x-hsz9-kfau
17
vulnerability VCID-f8s8-epzh-3bhw
18
vulnerability VCID-fm16-z8wy-6fgz
19
vulnerability VCID-fnkq-8eys-gygm
20
vulnerability VCID-ghfd-u91m-dbdz
21
vulnerability VCID-gqg3-gs2h-zugf
22
vulnerability VCID-hud5-xxhh-u3ex
23
vulnerability VCID-j52w-azvw-1ycn
24
vulnerability VCID-j585-zz5s-nqd5
25
vulnerability VCID-jnrw-sue5-zqex
26
vulnerability VCID-kyj5-b8wz-pkgj
27
vulnerability VCID-m8rg-xa7x-6yan
28
vulnerability VCID-mrwn-mkcp-j7dv
29
vulnerability VCID-n2ap-zgrd-skhf
30
vulnerability VCID-r7ur-pzac-7bbk
31
vulnerability VCID-sd3k-af7j-h7h4
32
vulnerability VCID-semx-3823-f7f6
33
vulnerability VCID-sevc-c95q-tyg8
34
vulnerability VCID-sfnx-agxs-9yc9
35
vulnerability VCID-swv6-gyb1-y7bs
36
vulnerability VCID-t1ep-g6cz-7kgr
37
vulnerability VCID-tc9x-h24m-9ufe
38
vulnerability VCID-vaa4-b9ph-b7cm
39
vulnerability VCID-vm51-p4w4-n3du
40
vulnerability VCID-wyvv-ks5y-fkex
41
vulnerability VCID-x6wm-6c84-2qdw
42
vulnerability VCID-xhqj-617q-f7fb
43
vulnerability VCID-yp5x-mgfj-xbbf
44
vulnerability VCID-ypmv-73g2-gfex
45
vulnerability VCID-yrjj-cken-6qff
46
vulnerability VCID-zm15-yzy1-xuhv
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8
aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de5p-39kn-pkd3
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17