{"url":"http://public2.vulnerablecode.io/api/packages/53466?format=json","purl":"pkg:gem/actionpack@3.1.7","type":"gem","namespace":"","name":"actionpack","version":"3.1.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.1.2.1","latest_non_vulnerable_version":"8.1.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10585?format=json","vulnerability_id":"VCID-1161-4sdr-fkc3","summary":"Arbitrary file existence disclosure\nSpecially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7818","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44675","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7818"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo","reference_id":"","reference_type":"","scores":[{"val
ue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934","reference_id":"770934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7818","reference_id":"CVE-2014-7818","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7818"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml","reference_id":"CVE-2014-7818.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml"},{"reference_url":"https://puppet.com/security/cve/cve-2014-7829","reference_id":"CVE-2014-7829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2014-7829"},{"reference_url":"https://github.com/advisories/GHSA-29gr-w57f-rpfw","reference_id":"GHSA-29gr-w57f-rpfw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29gr-w57f-rpfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50974?format=json","purl":"pkg:gem/actionpack@3.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vul
nerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/50975?format=json","purl":"pkg:gem/actionpack@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"
},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/90972?format=json","purl":"pkg:gem/actionpack@4.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/50976?format=json","purl":"pkg:gem/actionpack@4.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability
":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/73704?format=json","purl":"pkg:gem/actionpack@4.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vu
lnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/50977?format=json","purl":"pkg:gem/actionpack@4.2.0.beta3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3"}],"aliases":["CVE-2014-7818","GHSA-29gr-w57f-rpfw"],"risk_score":3.1,"exploitability":"0.5","wei
ghted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1161-4sdr-fkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10431?format=json","vulnerability_id":"VCID-14eh-tn37-bfhu","summary":"Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)\nDue to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","r
eference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0469.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66801","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":
"http://seclists.org/oss-sec/2013/q4/403","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/403"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417","reference_id":"CVE-2013-6417","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":"
"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6417"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6417","reference_id":"CVE-2013-6417","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417","reference_id":"CVE-2013-6417","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml","reference_id":"CVE-2013-6417.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml"},{"reference_url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r","reference_id":"GHSA-wpw7-wxjm-cw8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpw7-wxjm-cw8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50563?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerabili
ty":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/50564?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulne
rability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6417","GHSA-wpw7-wxjm-cw8r","OSV-100527"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14eh-tn37-bfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10465?format=json","vulnerability_id":"VCID-26je-urbt-8kee","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human 
helper.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/8"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081","reference_id":"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75774","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.
com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4"},{"reference_url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782"},{"reference_url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647"},{"reference_url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081","reference_id":"CVE-2014-0081","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],
"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0081"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml","reference_id":"CVE-2014-0081.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml","reference_id":"CVE-2014-0081.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml"},{"reference_url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83","reference_id":"GHSA-m46p-ggm5-5j83","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m46p-ggm5-5j83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50641?format=json","purl":"pkg:gem/actionpack@3.2.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{
"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17"},{"url":"http://public2.vulnerablecode.io/api/packages/50644?format=json","purl":"pkg:gem/actionpack@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3"},{"url":"http://public2.vulner
ablecode.io/api/packages/90972?format=json","purl":"pkg:gem/actionpack@4.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/50645?format=json","purl":"pkg:gem/actionpack@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerabili
ty":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1"}],"aliases":["CVE-2014-0081","GHSA-m46p-ggm5-5j83","OSV-103439"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26je-urbt-8kee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10294?format=json","vulnerability_id":"VCID-31rm-1rpc-g3dq","summary":"SQL Injection\nRuby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. 
This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660","reference_id":"","reference_type":"","scores":[{"value":"0.001
59","scoring_system":"epss","scoring_elements":"0.36566","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2660"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b"},{"reference_url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml"},{"reference_url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ","reference_id":"","reference_ty
pe":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660","reference_id":"CVE-2012-2660","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2660"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml","reference_id":"CVE-2012-2660.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml"},{"reference_url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf","reference_id":"GHSA-hgpp-pp89-4fgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpp-pp89-4fgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53524?format=json","purl":"pkg:gem/actionpack@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"}
,{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4"}],"aliases":["CVE-2012-2660","GHSA-hgpp-pp89-4fgf","OSV-82610"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31rm-1rpc-g3dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19553?format=json","vulnerability_id":"VCID-4jjq-jkgc-mkca","summary":"Rails has possible XSS Vulnerability in Action Controller\n# Possible XSS Vulnerability in Action Controller\n\nThere is a possible XSS vulnerability when using the translation helpers\n(`translate`, `t`, 
etc) in Action Controller. This vulnerability has been\nassigned the CVE identifier CVE-2024-26143.\n\nVersions Affected:  >= 7.0.0.\nNot affected:       < 7.0.0\nFixed Versions:     7.1.3.1, 7.0.8.1\n\nImpact\n------\nApplications using translation methods like `translate`, or `t` on a\ncontroller, with a key ending in \"_html\", a `:default` key which contains\nuntrusted user input, and the resulting string is used in a view, may be\nsusceptible to an XSS vulnerability.\n\nFor example, impacted code will look something like this:\n\n```ruby\nclass ArticlesController < ApplicationController\n  def show  \n    @message = t(\"message_html\", default: untrusted_input)\n    # The `show` template displays the contents of `@message`\n  end\nend\n```\n\nTo reiterate the pre-conditions, applications must:\n\n* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from\n  a view)\n* Use a key that ends in `_html`\n* Use a default value where the default value is untrusted and unescaped input\n* Send the text to the victim (whether that's part of a template, or a\n  `render` call)\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. 
They are in git-am format and consist of a\nsingle changeset.\n\n*  7-0-translate-xss.patch - Patch for 7.0 series\n*  7-1-translate-xss.patch - Patch for 7.1 series\n\nCredits\n-------\n\nThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26143","reference_id":"","reference_type":"","scores":[{"value":"0.02067","scoring_system":"epss","scoring_elements":"0.84217","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26143"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L
/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc"},{"reference_url":"https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0004","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240510-0004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266388","reference_id":"2266388","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266388"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26143","reference_id":"CVE-2024-26143","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26143"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml","reference_id":"CVE-2024-26143.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml"},{"reference_url":"https://github.com/advisories/GHSA-9822-6m93-xqf4","reference_id":"GHSA-9822-6m93-xqf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9822-6m93-xqf4"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4","reference_id":"GHSA-9822-6m93-xqf4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0004/","reference_id":"ntap-20240510-0004","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elemen
ts":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67983?format=json","purl":"pkg:gem/actionpack@7.0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67973?format=json","purl":"pkg:gem/actionpack@7.1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1"}],"aliases":["CVE-2024-26143","GHSA-9822-6m93-xqf4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4jjq-jkgc-mkca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10328?format=json","vulnerability_id":"VCID-6as7-jkwa-53dk","summary":"Multiple vulnerabilities in parameter parsing in Action Pack\nThere are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails 
application.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0155.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"0.91907","scoring_system":"epss","scoring_elements":"0.99708","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0156"},{"reference_url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8t
Q8EJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain"},{"reference_url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"},{"reference_url"
:"http://www.debian.org/security/2013/dsa-2604","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2604"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.insinuator.net/2013/01/rails-yaml"},{"reference_url":"http://www.insinuator.net/2013/01/rails-yaml/","reference_id":"","reference_type":"","scores":[],"url":"http://www.insinuator.net/2013/01/rails-yaml/"},{"reference_url":"http://www.kb.cert.org/vuls/id/380039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/380039"},{"reference_url":"http://www.kb.cert.org/vuls/id/628463","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/628463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722","reference_id":"697722","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156","reference_id":"CVE-2013-0156","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0156"},{"reference_url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/","refer
ence_id":"CVE-2013-0156","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb","reference_id":"CVE-2013-0156;OSVDB-89026","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb"},{"reference_url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg","reference_id":"GHSA-jmgw-6vjg-jjwg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmgw-6vjg-jjwg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50249?format=json","purl":"pkg:gem/actionpack@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-
gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/85778?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-
gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/50250?format=json","purl":"pkg:gem/actionpack@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerabili
ty":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11"}],"aliases":["CVE-2013-0156","GHSA-jmgw-6vjg-jjwg","OSV-89026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6as7-jkwa-53dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11851?format=json","vulnerability_id":"VCID-6cjf-b88j-n3bw","summary":"Cross-Site Request Forgery (CSRF)\nRuby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to 
CVE-2011-0696.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0447","reference_id":"","reference_type":"","scores":[{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.77186","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0447"},{"reference_url":"http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","r
eference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034"},{"reference_url":"https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://
www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025060","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025060"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0447","reference_id":"CVE-2011-0447","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0447"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml","reference_id":"CVE-2011-0447.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml"},{"reference_url":"https://github.com/advisories/GHSA-24fg-p96v-hxh8","reference_id":"GHSA-24fg-p96v-hxh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-24fg-p96v-hxh8"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-0447","GHSA-24fg-p96v-hxh8"],"risk_score":3.1,"ex
ploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjf-b88j-n3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11870?format=json","vulnerability_id":"VCID-6jdd-kze9-myfz","summary":"High severity vulnerability that affects actionpack\nactionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0449","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68421","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0449"},{"reference_url":"http://secunia.com/advisories/43278","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43278"},{"reference_url":"http://securitytracker.com/id?1025061","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025061"},{"reference_url":"https://github.com/rails/rail
s/commit/6f80224057803f85b3f448936aae89e742452c3b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b"},{"reference_url":"https://github.com/rails/rails/tree/main/actionpack","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/actionpack"},{"reference_url":"https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061"},{"reference_url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0449","reference_id":"CVE-2011-0449","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0449"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml","reference_id":"CVE-2011-0449.YML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml"},{"reference_url":"https://github.com/advisories/GHSA-4ww3-3rxj-8v6q","reference_id":"GHSA-4ww3-3r
xj-8v6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4ww3-3rxj-8v6q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-0449","GHSA-4ww3-3rxj-8v6q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdd-kze9-myfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/328604?format=json","vulnerability_id":"VCID-9w4d-2z52-wyaf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33167","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06433","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.c
om/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0"},{"reference_url":"https://github.com/rails/rails/releases/tag/v8.1.2.1","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/releases/tag/v8.1.2.1"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http
s://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2026-33167.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33167","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450552","reference_id":"2450552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/189714?format=json","purl":"pkg:gem/actionpack@8.1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.1.2.1"}],"aliases":["CVE-2026-33167","GHSA-pgm4-439c-5jp6"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9w4d-2z52-wyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10301?format=json","vulnerability_id":"VCID-ahgm-vw45-33a2","summary":"Ruby on Rails Potential XSS Vulnerability in select_tag prompt\nWhen a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. 
If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56344","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3463"},{"reference_url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1"},{"re
ference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463","reference_id":"CVE-2012-3463","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3463"},{"reference_url":"https://github.com/advisories/GHSA-98mf-8f57-64qf","reference_id":"GHSA-98mf-8f57-64qf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98mf-8f57-64qf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50176?format=json","purl":"pkg:gem/actionpack@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulne
rability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/85778?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"
},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/50177?format=json","purl":"pkg:gem/actionpack@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-z
z5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8"}],"aliases":["CVE-2012-3463","GHSA-98mf-8f57-64qf","OSV-84515"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahgm-vw45-33a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10360?format=json","vulnerability_id":"VCID-auvj-pgpu-mybv","summary":"XSS Vulnerability in the `sanitize` helper\nThe `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be 
malicious.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70518","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1857"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_
type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857","reference_id":"CVE-2013-1857","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1857"},{"reference_url":"https://github.com/advisories/GHSA-j838-vfpq-fmf2","reference_id":"GHSA-j838-vfpq-fmf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j838-vfpq-fmf2"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50344?format=json","purl":"pkg:gem/actionpack@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID
-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/50345?format=json","purl":"pkg:gem/actionpack@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability
":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13"}],"aliases":["CVE-2013-1857","GHSA-j838-vfpq-fmf2","OSV-91454"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auvj-pgpu-mybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11862?format=json","vulnerability_id":"VCID-b5zn-u8pu-zya6","summary":"actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request\n`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to 
CVE-2012-2660.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-
05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2694"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a"},{"reference_url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694","reference_id":"CVE-2012-2694","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2694"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml","reference_id":"CVE-2012-2694.YML","r
eference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml"},{"reference_url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8","reference_id":"GHSA-q34c-48gc-m9g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q34c-48gc-m9g8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53542?format=json","purl":"pkg:gem/actionpack@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv
6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6"}],"aliases":["CVE-2012-2694","GHSA-q34c-48gc-m9g8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5zn-u8pu-zya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10841?format=json","vulnerability_id":"VCID-ct3m-wed2-6bhq","summary":"Path Traversal\nThe Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a 
pathname.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{
"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"0.90494","scoring_system"
:"epss","scoring_elements":"0.99626","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0752"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"},{"reference_url":"https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http
s://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"},{"reference_url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801"},{"reference_url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"},{"reference_url":"https://www.exploit-db.com/exploits/40561","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40561"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/
E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/13"},{"reference_url":"http://www.securityfocus.com/bid/81801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securityfocus.com/bid/81801"},{"reference_url":"http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","
scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"http://www.securitytracker.com/id/1034816"},{"reference_url":"https://www.exploit-db.com/exploits/40561/","reference_id":"40561","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/"}],"url":"https://www.exploit-db.com/exploits/40561/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb","reference_id":"CVE-2016-0752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752","reference_id":"CVE-2016-0752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0752"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml","reference_id":"CVE-2016-0752.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml","reference_id":"CVE-2016-0752.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_element
s":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml"},{"reference_url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7","reference_id":"GHSA-xrr4-p6fq-hjg7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr4-p6fq-hjg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51439?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51440?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":tru
e,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51441?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk
"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"}],"aliases":["CVE-2016-0752","GHSA-xrr4-p6fq-hjg7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct3m-wed2-6bhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11825?format=json","vulnerability_id":"VCID-de5p-39kn-pkd3","summary":"actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML 
markup.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56344","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3465"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77"},{"reference_url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http
://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465","reference_id":"CVE-2012-3465","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3465"},{"reference_url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5","reference_id":"GHSA-7g65-ghrg-hpf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g65-ghrg-hpf5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50176?format=json","purl":"pkg:gem/actionpack@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"V
CID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/85778?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerab
ility":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/50177?format=json","purl":"pkg:gem/actionpack@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{
"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8"}],"aliases":["CVE-2012-3465","GHSA-7g65-ghrg-hpf5","OSV-84513"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-de5p-39kn-pkd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11823?format=json","vulnerability_id":"VCID-dz1r-ae9g-57en","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nA certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple 
attempts.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3086","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68467","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3086"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36600"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0"},{"reference_url":"https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978"},{"reference_url":"https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686"},{"reference_url":"https://web.archive.org/web/20090906010200/http://ww
w.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600"},{"reference_url":"https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427"},{"reference_url":"http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2011/dsa-2260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2260"},{"reference_url":"http://www.securityfocus.com/bid/37427","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/37427"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"545063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"htt
ps://nvd.nist.gov/vuln/detail/CVE-2009-3086","reference_id":"CVE-2009-3086","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3086"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml","reference_id":"CVE-2009-3086.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml","reference_id":"CVE-2009-3086.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml"},{"reference_url":"https://github.com/advisories/GHSA-fg9w-g6m4-557j","reference_id":"GHSA-fg9w-g6m4-557j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fg9w-g6m4-557j"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[],"aliases":["CVE-2009-3086","GHSA-fg9w-g6m4-557j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dz1r-ae9g-57en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261398?format=json","vulnerability_id":"VCID-f22x-hsz9-kfau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI
:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128","reference_id":"","reference_type":"","scores":[{"value":"0.00774","scoring_system":"epss","scoring_elements":"0.73907","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319036"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/27121e80f6dbb
260f5a9f0452cd8411cb681f075","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075"},{"reference_url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef"},{"reference_url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/A
T:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891"},{"reference_url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://access.redhat.com/security/cve/cve-2024-41128","reference_id":"CVE-2024-41128","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:
P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://access.redhat.com/security/cve/cve-2024-41128"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128","reference_id":"CVE-2024-41128","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41128"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml","reference_id":"CVE-2024-41128.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml"},{"reference_url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj","reference_id":"GHSA-x76w-6vjr-8xgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements"
:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83224?format=json","purl":"pkg:gem/actionpack@6.1.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/83228?format=json","purl":"pkg:gem/actionpack@7.0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/83225?format=json","purl":"pkg:gem/actionpack@7.1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/83227?format=json","purl":"pkg:gem/actionpack@7.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/165625?format=json","purl":"pkg:gem/actionpack@8.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities"
:[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1"}],"aliases":["CVE-2024-41128","GHSA-x76w-6vjr-8xgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f22x-hsz9-kfau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10463?format=json","vulnerability_id":"VCID-f8s8-epzh-3bhw","summary":"Denial of Service Vulnerability when using render :text\nStrings sent in specially crafted headers will be converted to symbols.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/10"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0215.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0306.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0082","reference_id":"","reference_type":"","scores":[{"value":"0.06456","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-
05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc"},{"reference_url":"https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/","reference_id":"","reference_type":"","scores":[],"url":"http://
www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0082","reference_id":"CVE-2014-0082","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0082"},{"reference_url":"https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082","reference_id":"CVE-2014-0082","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml","reference_id":"CVE-2014-0082.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml"},{"reference_url":"https://github.com/advisories/GHSA-7cgp-c3g7-qvrw","reference_id":"GHSA-7cgp-c3g7-qvrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cgp-c3g7-qvrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50641?format=json","purl":"pkg:gem/actionpack@3.2.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vul
nerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17"},{"url":"http://public2.vulnerablecode.io/api/packages/50562?format=json","purl":"pkg:gem/actionpack@4.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-
7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/50569?format=json","purl":"pkg:gem/actionpack@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-1bxj-7h5q-jbdz"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-5za7-eapk-3qgx"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-8frw-skyq-1fh9"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kurg-1k8b-zkh6"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-mrwn-mkcp-j7dv"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-rjft-pjjz-vycp"},{"vulnerability":"VCID
-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-w2ca-rqx2-m7f4"},{"vulnerability":"VCID-wrrq-xxs9-xka9"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0"}],"aliases":["CVE-2014-0082","GHSA-7cgp-c3g7-qvrw","OSV-103440"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8s8-epzh-3bhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11813?format=json","vulnerability_id":"VCID-fm16-z8wy-6fgz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form 
helper.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3009","reference_id":"","reference_type":"","scores":[{"value":"0.01632","scoring_system":"epss","scoring_elements":"0.82215","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3009"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36600"},{"reference_url":"http://secunia.com/advisories/36717","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/36717"},{"reference_url":"http://se
curitytracker.com/id?1022824","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1022824"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails"},{"reference_url":"http://www.debian.org/security/2009/dsa-1887","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1887"},{"reference_url":"http://www.osvdb.org/57666","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.osvdb.org/57666"},{"reference_url":"http://www.securityfocus.com/bid/36278","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/36278"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bug
report.cgi?bug=545063","reference_id":"545063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3009","reference_id":"CVE-2009-3009","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3009"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml","reference_id":"CVE-2009-3009.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml"},{"reference_url":"https://github.com/advisories/GHSA-8qrh-h9m2-5fvf","reference_id":"GHSA-8qrh-h9m2-5fvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qrh-h9m2-5fvf"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[],"aliases":["CVE-2009-3009","GHSA-8qrh-h9m2-5fvf","OSV-57666"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm16-z8wy-6fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/251064?format=json","vulnerability_id":"VCID-fnkq-8eys-gygm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2810
3.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28103","reference_id":"","reference_type":"","scores":[{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/"}],"url":"https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241206-0002","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241206-0002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705","reference_id":"1072705","reference_type":""
,"scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290530","reference_id":"2290530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290530"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28103","reference_id":"CVE-2024-28103","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28103"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml","reference_id":"CVE-2024-28103.YML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml"},{"reference_url":"https://github.com/advisories/GHSA-fwhr-88qx-h9g7","reference_id":"GHSA-fwhr-88qx-h9g7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwhr-88qx-h9g7"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7","reference_id":"GHSA-fwhr-88qx-h9g7","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/"}],"url":"https://gi
thub.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81621?format=json","purl":"pkg:gem/actionpack@6.1.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.8"},{"url":"http://public2.vulnerablecode.io/api/packages/81624?format=json","purl":"pkg:gem/actionpack@7.0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/81620?format=json","purl":"pkg:gem/actionpack@7.1.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/81623?format=json","purl":"pkg:gem/actionpack@7.2.0.beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.0.beta2"}],"aliases":["CVE-2024-28103","GHSA-fwhr-88qx-h9g7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnkq-8eys-gygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10432?fo
rmat=json","vulnerability_id":"VCID-ghfd-u91m-dbdz","summary":"Denial of Service Vulnerability in Action View\nThere is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_
elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414","reference_id":"","reference_type":"","scores":[{"value":"0.70843","scoring_system":"epss","scoring_elements":"0.98725","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/400","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/400"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"ref
erence_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg"},{"reference_url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getchef.com/blog/2
014/04/09/enterprise-chef-11-1-3-release"},{"reference_url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414","reference_id":"CVE-2013-6414","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6414"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6414","reference_id":"CVE-2013-6414","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414","reference_id":"CVE-2013-6414","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml","reference_id":"CVE-2013-6414.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml"},{"reference_url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q","reference_id":"GHSA-mpxf-gcw2-pw5q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpxf-gcw2-pw5q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50563?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-
urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/50564?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID
-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6414","GHSA-mpxf-gcw2-pw5q","OSV-100525"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghfd-u91m-dbdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10363?format=json","vulnerability_id":"VCID-gqg3-gs2h-zugf","summary":"XSS vulnerability in sanitize_css in Action Pack\nCarefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action 
Pack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0698.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0698","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855","reference_id":"","reference_type":"","score
s":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.6776","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921331"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/secur
ity-announce/2013/Oct/msg00006.html"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1855","reference_id":"CVE-2013-1855","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1855"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855","reference_id":"CVE-2013-1855","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1855"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml","reference_id":"CVE-2013-1855.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml"},{"reference_url":"https://github.com/advisories/GHSA-q759-hwvc-m3jg","reference_id":"GHSA-q759-hwvc-m3jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q759-hwvc-m3jg"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}
],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50344?format=json","purl":"pkg:gem/actionpack@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/50345?format=json","purl":"pkg:gem/actionpack@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerabili
ty":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13"}],"aliases":["CVE-2013-1855","GHSA-q759-hwvc-m3jg","OSV-91452"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqg3-gs2h-zugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11806?format=json","vulnerability_id":"VCID-hud5-xxhh-u3ex","summary":"Improper 
Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446","reference_id":"","reference_type":"","scores":[{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.71687","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0446"},{"reference_url":"http://secunia.com/advis
ories/43274","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43274"},{"reference_url":"http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43666"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217"},{"reference_url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274"},{"reference_url":"https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111225083933/
http://secunia.com/advisories/43666"},{"reference_url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291"},{"reference_url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.debian.org/security/2011/dsa-2247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2247"},{"reference_url":"http://www.securityfocus.com/bid/46291","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46291"},{"reference_url":"http://www.securitytracker.com/id?1025064","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025064"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0587","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0587"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0877","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864","reference_id":"614864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446","reference_id":"CVE-2011-0446","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":
""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0446"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml","reference_id":"CVE-2011-0446.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml","reference_id":"CVE-2011-0446.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml"},{"reference_url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j","reference_id":"GHSA-75w6-p6mg-vh8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75w6-p6mg-vh8j"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-0446","GHSA-75w6-p6mg-vh8j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hud5-xxhh-u3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10499?format=json","vulnerability_id":"VCID-j52w-azvw-1ycn","summary":"Directory Traversal Vulnerability With Certain Route Configurations\nThe implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. 
This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server.","references":[{"reference_url":"http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"},{"reference_url":"http://osvdb.org/show/osvdb/106704","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/show/osvdb/106704"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0510","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0816","ref
erence_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0130","reference_id":"","reference_type":"","scores":[{"value":"0.5271","scoring_system":"epss","scoring_elements":"0.97991","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0130"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1095105","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1095105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk"},{"reference_url":"https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140518192004/http://www.securi
tyfocus.com/bid/67244"},{"reference_url":"https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"},{"reference_url":"https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130"},{"reference_url":"http://www.securityfocus.com/bid/67244","reference_id":"67244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/"}],"url":"http://www.securityfocus.com/bid/67244"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-0130","reference_id":"CVE-2014-0130","reference_type":"","scor
es":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-0130"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0130","reference_id":"CVE-2014-0130","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0130"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml","reference_id":"CVE-2014-0130.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml"},{"reference_url":"https://github.com/advisories/GHSA-6x85-j5j2-27jx","reference_id":"GHSA-6x85-j5j2-27jx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6x85-j5j2-27jx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53546?format=json","purl":"pkg:gem/actionpack@3.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm
16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/53547?format=json","purl":"pkg:gem/actionpack@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"V
CID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/50645?format=json","purl":"pkg:gem/actionpack@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1"}],"aliases":["CVE-2014-0130","GHSA-6x85-j5j2-27jx"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j52w-azvw-1ycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10838?format=json","vulnerability_id":"VCID-j585-zz5s-nqd5","summary":"Timing attack vulnerability in 
basic authentication\nDue to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements"
:""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576","reference_id":"","reference_type":"","scores":[{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78545","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7576"},{"reference_url":"https://ftp.suse.com/pub/projects/securit
y/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":""},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k"},{"reference_url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/8","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576","reference_id":"CVE-2015-7576","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7576"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml","reference_id":"CVE-2015-7576.YML","reference_type
":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml"},{"reference_url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg","reference_id":"GHSA-p692-7mm3-3fxg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p692-7mm3-3fxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51439?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51440?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":t
rue,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51441?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7b
bk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51442?format=json","purl":"pkg:gem/actionpack@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1"}],"aliases":["CVE-2015-7576","GHSA-p692-7mm3-3fxg"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j585-zz5s-nqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11817?format=json","vulnerability_id":"VCID-jnrw-sue5-zqex","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the strip_tags helper in 
actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2931","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74566","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731436","reference_id":"","reference_type":"","scores":[{"
value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731436"},{"reference_url":"http://secunia.com/advisories/45921","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45921"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.debian.org/security/2011/dsa-2301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2301"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"va
lue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2931","reference_id":"CVE-2011-2931","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2931"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml","reference_id":"CVE-2011-2931.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml"},{"reference_url":"https://github.com/advisories/GHSA-v5jg-558j-q67c","reference_id":"GHSA-v5jg-558j-q67c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5jg-558j-q67c"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28"
,"reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-2931","GHSA-v5jg-558j-q67c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnrw-sue5-zqex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11858?format=json","vulnerability_id":"VCID-kyj5-b8wz-pkgj","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html"},{"reference_url":"http://openwall.com/lists/oss-security/2011/06/09/2","reference_id":"","reference_type":"","s
cores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/06/09/2"},{"reference_url":"http://openwall.com/lists/oss-security/2011/06/13/9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/06/13/9"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2197","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63561","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2197"},{"reference_url":"http://secunia.com/advisories/44789","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44789"},{"reference_url":"https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd"},{"reference_url":"https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da"},{"reference_url":"http://weblog.rubyonrails.org/2
011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2197","reference_id":"CVE-2011-2197","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2197"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml","reference_id":"CVE-2011-2197.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml"},{"reference_url":"https://github.com/advisories/GHSA-v9v4-7jp6-8c73","reference_id":"GHSA-v9v4-7jp6-8c73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9v4-7jp6-8c73"}],"fixed_packages":[],"aliases":["CVE-2011-2197","GHSA-v9v4-7jp6-8c73"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyj5-b8wz-pkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11839?format=json","vulnerability_id":"VCID-m8rg-xa7x-6yan","summary":"Improper Input Validation\nThe template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping 
vulnerability.\"","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929","reference_id":"","reference_type":"","scores":[{"value":"0.00814","scoring_system":"epss","scoring_elements":"0.74586","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731432"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_tex
tual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552"},{"reference_url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"r
eference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929","reference_id":"CVE-2011-2929","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2929"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml","reference_id":"CVE-2011-2929.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml"},{"reference_url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q","reference_id":"GHSA-r7q2-5gqg-6c7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7q2-5gqg-6c7q"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[],"aliases":["CVE-2011-2929","GHSA-r7q2-5gqg-6c7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8rg-xa7x-6yan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16834?format=json","vulnerability_id":"VCID-n2ap-zgrd-skhf","summary":"ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. 
A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"0.01339","scoring_system":"epss","scoring_elements":"0.80316","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8
d82687f3b04b2803320b64f985308239a8c3d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"},{"reference_url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"},{"reference_url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-
6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799","reference_id":"2164799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795","reference_id":"CVE-2023-22795","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795"},{"reference_url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv","reference_id":"GHSA-8xww-x3g3-6jcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/162149?format=json","purl":"pkg:gem/actionpack@5.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62440?format=json","purl":"pkg:gem/actionpack@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerabilit
y":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/62714?format=json","purl":"pkg:gem/actionpack@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1"}],"aliases":["CVE-2023-22795","GHSA-8xww-x3g3-6jcv","GMS-2023-56"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2ap-zgrd-skhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11820?format=json","vulnerability_id":"VCID-r7ur-pzac-7bbk","summary":"Improper Input Validation\nThe to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted 
header.","references":[{"reference_url":"http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html","reference_id":"","reference_type":"","scores":[],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3187","reference_id":"","reference_type":"","scores":[{"value":"0.08484","scoring_system":"epss","scoring_elements":"0.92491","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3187"},{"reference_url":"https://bugzilla.novell.com/show_bug.cgi?id=673010","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.novell.com/show_bug.cgi?id=673010"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"},{"reference_url":"http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/17/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/17/1"},{"reference_url":"http://www.openwal
l.com/lists/oss-security/2011/08/19/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/19/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/08/22/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/08/22/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3187","reference_id":"CVE-2011-3187","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3187"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb","reference_id":"CVE-2011-3187;OSVDB-73733","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb"},{"reference_url":"https://www.securityfocus.com/bid/46423/info","reference_id":"CVE-2011-3187;OSVDB-73733","reference_type":"exploit","scor
es":[],"url":"https://www.securityfocus.com/bid/46423/info"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml","reference_id":"CVE-2011-3187.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml"},{"reference_url":"https://github.com/advisories/GHSA-3vfw-7rcp-3xgm","reference_id":"GHSA-3vfw-7rcp-3xgm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vfw-7rcp-3xgm"}],"fixed_packages":[],"aliases":["CVE-2011-3187","GHSA-3vfw-7rcp-3xgm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ur-pzac-7bbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11834?format=json","vulnerability_id":"VCID-sevc-c95q-tyg8","summary":"Improper Input Validation\nRuby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using 
text/plain.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"},{"reference_url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup"},{"reference_url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/","reference_id":"","reference_type":"","scores":[],"url":"http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7248","reference_id":"","reference_type":"","scores":[{"value":"0.11409","scoring_system":"epss","scoring_elements":"0.93691","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7248"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=544329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=544329"},{"reference_url":"http://secunia.com/advisories/36600","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36600"},{"reference_url":"http://secunia.com/advisories/38915","reference_id":"","reference_type":"","scores"
:[],"url":"http://secunia.com/advisories/38915"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"},{"reference_url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup"},{"reference_url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/","reference_id":"","reference_type":"","scores":[],"url":"https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/"},{"reference_url":"https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"u
rl":"https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2009/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2009/11/28/1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2009/12/02/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2009/12/02/2"},{"reference_url":"https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"},{"reference_url":"http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/28/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/1
2/02/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/12/02/2"},{"reference_url":"http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2544","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685","reference_id":"558685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2008-7248","reference_id":"CVE-2008-7248","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2008-7248"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-7248","reference_id":"CVE-2008-7248","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-7248"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt","reference_id":"CVE-2008-7248;OSVDB-61124","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt"},{"reference_url":"https://www.securityfocus.com/bid/37322/info","reference_id":"CVE-2008-7248;OSVDB-61124","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37322/info"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml","reference_id":"CVE-2008-7248.YML","refer
ence_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml"},{"reference_url":"https://github.com/advisories/GHSA-8fqx-7pv4-3jwm","reference_id":"GHSA-8fqx-7pv4-3jwm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fqx-7pv4-3jwm"},{"reference_url":"https://security.gentoo.org/glsa/200912-02","reference_id":"GLSA-200912-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-02"}],"fixed_packages":[],"aliases":["CVE-2008-7248","GHSA-8fqx-7pv4-3jwm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sevc-c95q-tyg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10433?format=json","vulnerability_id":"VCID-sfnx-agxs-9yc9","summary":"XSS Vulnerability in number_to_currency\nThe number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. 
Applications which pass user-controlled data as the unit parameter are vulnerable to an XSS attack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scor
ing_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81475","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/402","reference_id":"","reference_type":"","scores":[],"url":"http://
seclists.org/oss-sec/2013/q4/402"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0"},{"reference_url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415","reference_id":"CVE-2013-6415","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],
"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6415"},{"reference_url":"https://puppet.com/security/cve/cve-2013-6415","reference_id":"CVE-2013-6415","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2013-6415"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml","reference_id":"CVE-2013-6415.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml"},{"reference_url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm","reference_id":"GHSA-6h5q-96hp-9jgm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h5q-96hp-9jgm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50563?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vul
nerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/50564?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}
],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6415","GHSA-6h5q-96hp-9jgm","OSV-100524"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfnx-agxs-9yc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10436?format=json","vulnerability_id":"VCID-swv6-gyb1-y7bs","summary":"XSS Vulnerability in simple_format helper\nThe simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6416","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46636","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6416"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/404","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/404"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ","reference_id":"","reference_type"
:"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM"},{"reference_url":"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6416","reference_id":"CVE-2013-6416","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6416"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml","reference_id":"CVE-2013-6416.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml"},{"reference_url"
:"https://github.com/advisories/GHSA-w37c-q653-qg95","reference_id":"GHSA-w37c-q653-qg95","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w37c-q653-qg95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50174?format=json","purl":"pkg:gem/actionpack@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulner
ability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/50564?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-6416","GHSA-w37c-q653-qg95","OSV-100526"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://publ
ic2.vulnerablecode.io/vulnerabilities/VCID-swv6-gyb1-y7bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10591?format=json","vulnerability_id":"VCID-t1ep-g6cz-7kgr","summary":"Arbitrary file existence disclosure\nSpecially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7829","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.5012","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7829"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk"},{"reference_url":"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183","reference_id":"","
reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183"},{"reference_url":"http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934","reference_id":"770934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7829","reference_id":"CVE-2014-7829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7829"},{"reference_url":"https://puppet.com/security/cve/cve-2014-7829","reference_id":"CVE-2014-7829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2014-7829"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml","reference_id":"CVE-2014-7829.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml"},{"reference_url":"https://github.com/advisories/GHSA-h56m-vwxc-3qpw","reference_id":"GHSA-h56m-vwxc-3qpw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h56m-vwxc-3qpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50983?format=json","purl":"pkg:gem/actionpack@3.2.21",
"is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21"},{"url":"http://public2.vulnerablecode.io/api/packages/50984?format=json","purl":"pkg:gem/actionpack@4.0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"V
CID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/50985?format=json","purl":"pkg:gem/actionpack@4.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12"},{"url":"http://public2.vulnerablecode.io/ap
i/packages/90972?format=json","purl":"pkg:gem/actionpack@4.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/50986?format=json","purl":"pkg:gem/actionpack@4.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm
16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/50987?format=json","purl":"pkg:gem/actionpack@4.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"
VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73704?format=json","purl":"pkg:gem/actionpack@4.2.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/73705?format=json","purl":"pkg:gem/actionpack@4.2.0.beta4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hs
z9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4"}],"aliases":["CVE-2014-7829","GHSA-h56m-vwxc-3qpw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ep-g6cz-7kgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10272?format=json","vulnerability_id":"VCID-tc9x-h24m-9ufe","summary":"Translate helper method which may allow an attacker to insert arbitrary code into a page\nThe helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. 
It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.","references":[{"reference_url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1"},{"reference_url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain"},{"reference_url":"http://openwall.com/lists/oss-security/2011/11/18/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/11/18/8"},{"reference_url":"http://osvdb.org/77199","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/77199"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70023","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4319"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71364"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade"},{"reference_url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU"},{"reference_url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722"},{"reference_url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[{"v
alue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released"},{"reference_url":"http://www.securityfocus.com/bid/50722","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/50722"},{"reference_url":"http://www.securitytracker.com/id?1026342","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1026342"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319","reference_id":"CVE-2011-4319","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4319"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml","reference_id":"CVE-2011-4319.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml"},{"reference_url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc","reference_id":"GHSA-xxr8-833v-c7wc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxr8-833v-c7wc"}],"fixed_packages":[],"aliases":[
"CVE-2011-4319","GHSA-xxr8-833v-c7wc","OSV-77199"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9x-h24m-9ufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10435?format=json","vulnerability_id":"VCID-vaa4-b9ph-b7cm","summary":"Reflective XSS Vulnerability\nThere is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1794.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0008.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1863.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72633","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/
cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/401","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/401"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/secu
rity/2014/dsa-2888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491","reference_id":"CVE-2013-4491","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4491"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml","reference_id":"CVE-2013-4491.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml"},{"reference_url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8","reference_id":"GHSA-699m-mcjm-9cw8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-699m-mcjm-9cw8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50563?format=json","purl":"pkg:gem/actionpack@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"
},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/50564?format=json","purl":"pkg:gem/actionpack@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pssv-24tn-kkc5"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.
vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2"}],"aliases":["CVE-2013-4491","GHSA-699m-mcjm-9cw8","OSV-100528"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vaa4-b9ph-b7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10831?format=json","vulnerability_id":"VCID-wyvv-ks5y-fkex","summary":"Possible Object Leak and Denial of Service attack\nA carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html","reference_i
d":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0296.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751","reference_id":"","reference_type":"","scores":[{"value":"0.08895","scoring_system":"epss","scoring_elements":"0.92693","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0751"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://githu
b.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17"},{"reference_url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6"},{"reference_url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","
scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc"},{"reference_url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816"},{"reference_url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800"},{"reference_url":"http://www.debian.org/security/2016/dsa-3464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3464"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751","reference_id":"CVE-2016-0751","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_t
extual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0751"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml","reference_id":"CVE-2016-0751.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml"},{"reference_url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v","reference_id":"GHSA-ffpv-c4hm-3x6v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffpv-c4hm-3x6v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51439?format=json","purl":"pkg:gem/actionpack@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulne
rability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51440?format=json","purl":"pkg:gem/actionpack@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51441?format=json","purl":"pkg:gem/actionpack@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fn9u-w13j-43dz"},{"vulnerability":"VCID-fnk
q-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51442?format=json","purl":"pkg:gem/actionpack@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1"}],"aliases":["CVE-2016-0751","GHSA-ffpv-c4hm-3x6v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wyvv-ks5y-fkex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19552?format
=json","vulnerability_id":"VCID-xhqj-617q-f7fb","summary":"Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n\nThere is a possible ReDoS vulnerability in the Accept header parsing routines\nof Action Dispatch. This vulnerability has been assigned the CVE identifier\nCVE-2024-26142.\n\nVersions Affected:  >= 7.1.0, < 7.1.3.1\nNot affected:       < 7.1.0\nFixed Versions:     7.1.3.1\n\nImpact\n------\nCarefully crafted Accept headers can cause Accept header parsing in Action\nDispatch to take an unexpected amount of time, possibly resulting in a DoS\nvulnerability.  All users running an affected release should either upgrade or\nuse one of the workarounds immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby\n3.2 or newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. 
They are in git-am format and consist of a\nsingle changeset.\n\n* 7-1-accept-redox.patch - Patch for 7.1 series\n\nCredits\n-------\nThanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26142","reference_id":"","reference_type":"","scores":[{"value":"0.03542","scoring_system":"epss","scoring_elements":"0.87878","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26142"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"}
,{"reference_url":"https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266324","reference_id":"2266324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266324"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26142","reference_id":"CVE-2024-26142","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26142"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml","reference_id":"CVE-2024-26142.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml"},{"reference_url":"https://github.com/advisories/GHSA-jjhx-jhvp-74wq","reference_id":"GHSA-jjhx-jhvp-74wq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjhx-jhvp-74wq"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq","reference_id":"GHSA-jjhx-jhvp-74wq","reference_type":"","scores":[{"value":"
7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240503-0003/","reference_id":"ntap-20240503-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240503-0003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67973?format=json","purl":"pkg:gem/actionpack@7.1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.3.1"}],"aliases":["CVE-2024-26142","GHSA-jjhx-jhvp-74wq"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhqj-617q-f7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16655?format=json","vulnerability_id":"VCID-yp5x-mgfj-xbbf","summary":"ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. 
This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"0.02326","scoring_system":"epss","scoring_elements":"0.85083","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{
"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800","reference_id":"2164800","reference_type":"","scores":[],"url":"https://b
ugzilla.redhat.com/show_bug.cgi?id=2164800"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792","reference_id":"CVE-2023-22792","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792"},{"reference_url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj","reference_id":"GHSA-p84v-45xj-wwqj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007/","reference_id":"ntap-20240202-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/162149?format=json","purl":"pkg:gem/actionpack@5.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/197469?format=json","purl":"pkg:gem/actionpack@5.2.8.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2
.8.15"},{"url":"http://public2.vulnerablecode.io/api/packages/62440?format=json","purl":"pkg:gem/actionpack@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/62714?format=json","purl":"pkg:gem/actionpack@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.4.1"}],"aliases":["CVE-2023-22792","GHSA-p84v-45xj-wwqj","GMS-2023-58"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp5x-mgfj-xbbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265991?format=json","vulnerability_id":"VCID-ypmv-73g2-gfex","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47887",
"reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56357","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376","reference_id":"1085376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319034","reference_id":"2319034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319034"},{"reference_url":"https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049","reference_id":"56b2fc3302836405b496e196a8d5fc0195e55049","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049"},{"reference_url":"https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a","reference_id":"7c1398854d51f9bb193fb79f226647351133d08a","reference_type":"","scores":[
{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a"},{"reference_url":"https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545","reference_id":"8e057db25bff1dc7a98e9ae72e0083825b9ac545","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47887","reference_id":"CVE-2024-47887","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47887"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml","reference_id":"CVE-2024-47887.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml"},{"reference_url":"https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2","reference_id":"f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.
com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2"},{"reference_url":"https://github.com/advisories/GHSA-vfg9-r3fq-jvx4","reference_id":"GHSA-vfg9-r3fq-jvx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfg9-r3fq-jvx4"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4","reference_id":"GHSA-vfg9-r3fq-jvx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4"},{"reference_url":"https://usn.ubuntu.com/7290-1/","reference_id":"USN-7290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83224?format=json","purl":"pkg:gem/actionpack@6.1.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/83228?format=json","purl":"pkg:gem/actionpack@7.0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/83225?format=json","purl":"pkg:gem/actionpack@7.1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wy
af"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/83227?format=json","purl":"pkg:gem/actionpack@7.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/165625?format=json","purl":"pkg:gem/actionpack@8.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.beta1"}],"aliases":["CVE-2024-47887","GHSA-vfg9-r3fq-jvx4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypmv-73g2-gfex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/270960?format=json","vulnerability_id":"VCID-yrjj-cken-6qff","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54133","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40654","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54133"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4"
,"scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49"},{"reference_url":"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a"},{"reference_url":"https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542"},{"reference_url":"https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d","reference_id":"","reference_type":"
","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54133","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54133"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250306-0010","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/
PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250306-0010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755","reference_id":"1089755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331619","reference_id":"2331619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331619"},{"reference_url":"https://github.com/advisories/GHSA-vfm5-rmrh-j26v","reference_id":"GHSA-vfm5-rmrh-j26v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vfm5-rmrh-j26v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/168721?format=json","purl":"pkg:gem/actionpack@7.0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/168723?format=json","purl":"pkg:gem/actionpack@7.1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/168726?format=json","purl":"pkg:gem/actionpack@7.2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/168729?format=json","purl":"pkg:gem/actionpack@8.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9w4d-2z52-wyaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@8.0.0.1"}],"aliases":["CVE-2024-54133","GHSA-vfm5-rmrh-j26v"],"
risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjj-cken-6qff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11015?format=json","vulnerability_id":"VCID-zm15-yzy1-xuhv","summary":"Possible XSS Vulnerability in ActionView\nThere is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1855.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1856.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1857.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1858.html"},{"reference_url":"https://api.first.org/data/v1/e
pss?cve=CVE-2016-6316","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82175","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE"},{"reference_url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released","reference_id":"","referen
ce_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3651","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3651"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/08/11/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/08/11/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155","reference_id":"834155","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316","reference_id":"CVE-2016-6316","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6316"},{"reference_url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316","referen
ce_id":"CVE-2016-6316","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml","reference_id":"CVE-2016-6316.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml"},{"reference_url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj","reference_id":"GHSA-pc3m-v286-2jwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pc3m-v286-2jwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51836?format=json","purl":"pkg:gem/actionpack@3.2.22.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-xhqj
-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3"}],"aliases":["CVE-2016-6316","GHSA-pc3m-v286-2jwj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zm15-yzy1-xuhv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11827?format=json","vulnerability_id":"VCID-pzs8-zstn-hbf2","summary":"actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` 
method.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0154.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.7708","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3424"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"},{"reference_url":"http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyon
rails.org/2012/7/26/ann-rails-3-2-7-has-been-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424","reference_id":"CVE-2012-3424","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424"},{"reference_url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj","reference_id":"GHSA-92w9-2pqw-rhjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53468?format=json","purl":"pkg:gem/actionpack@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-fyxy-39kr-afde"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7
bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53465?format=json","purl":"pkg:gem/actionpack@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-
g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/85657?format=json","purl":"pkg:gem/actionpack@3.1.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability"
:"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/53466?format=json","purl":"pkg:gem/actionpack@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vul
nerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/85778?format=json","purl":"pkg:gem/actionpack@3.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hpu4-xbs2-fugs"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-pzs8-zstn-hbf2"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3d
u"},{"vulnerability":"VCID-wyvv-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/53467?format=json","purl":"pkg:gem/actionpack@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1161-4sdr-fkc3"},{"vulnerability":"VCID-14eh-tn37-bfhu"},{"vulnerability":"VCID-26je-urbt-8kee"},{"vulnerability":"VCID-31rm-1rpc-g3dq"},{"vulnerability":"VCID-4jjq-jkgc-mkca"},{"vulnerability":"VCID-6as7-jkwa-53dk"},{"vulnerability":"VCID-6cjf-b88j-n3bw"},{"vulnerability":"VCID-6jdd-kze9-myfz"},{"vulnerability":"VCID-9w4d-2z52-wyaf"},{"vulnerability":"VCID-ahgm-vw45-33a2"},{"vulnerability":"VCID-apra-79g2-wkfn"},{"vulnerability":"VCID-auvj-pgpu-mybv"},{"vulnerability":"VCID-b5zn-u8pu-zya6"},{"vulnerability":"VCID-ct3m-wed2-6bhq"},{"vulnerability":"VCID-de5p-39kn-pkd3"},{"vulnerability":"VCID-dz1r-ae9g-57en"},{"vulnerability":"VCID-f22x-hsz9-kfau"},{"vulnerability":"VCID-f8s8-epzh-3bhw"},{"vulnerability":"VCID-fm16-z8wy-6fgz"},{"vulnerability":"VCID-fnkq-8eys-gygm"},{"vulnerability":"VCID-ghfd-u91m-dbdz"},{"vulnerability":"VCID-gqg3-gs2h-zugf"},{"vulnerability":"VCID-hud5-xxhh-u3ex"},{"vulnerability":"VCID-j52w-azvw-1ycn"},{"vulnerability":"VCID-j585-zz5s-nqd5"},{"vulnerability":"VCID-jnrw-sue5-zqex"},{"vulnerability":"VCID-kyj5-b8wz-pkgj"},{"vulnerability":"VCID-m8rg-xa7x-6yan"},{"vulnerability":"VCID-n2ap-zgrd-skhf"},{"vulnerability":"VCID-r7ur-pzac-7bbk"},{"vulnerability":"VCID-sevc-c95q-tyg8"},{"vulnerability":"VCID-sfnx-agxs-9yc9"},{"vulnerability":"VCID-swv6-gyb1-y7bs"},{"vulnerability":"VCID-t1ep-g6cz-7kgr"},{"vulnerability":"VCID-tc9x-h24m-9ufe"},{"vulnerability":"VCID-vaa4-b9ph-b7cm"},{"vulnerability":"VCID-vm51-p4w4-n3du"},{"vulnerability":"VCID-wyvv
-ks5y-fkex"},{"vulnerability":"VCID-xhqj-617q-f7fb"},{"vulnerability":"VCID-yp5x-mgfj-xbbf"},{"vulnerability":"VCID-ypmv-73g2-gfex"},{"vulnerability":"VCID-yrjj-cken-6qff"},{"vulnerability":"VCID-zm15-yzy1-xuhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7"}],"aliases":["CVE-2012-3424","GHSA-92w9-2pqw-rhjj","OSV-84243"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzs8-zstn-hbf2"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7"}