Lookup for vulnerable packages by Package URL.

Purl pkg:gem/rails@3.0.1
Type gem
Namespace
Name rails
Version 3.0.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.0.4
Latest_non_vulnerable_version 7.1.3.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8n6u-hbhg-7qdx
vulnerability_id VCID-8n6u-hbhg-7qdx
summary
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
references
0
reference_url http://secunia.com/advisories/41930
reference_id
reference_type
scores
url http://secunia.com/advisories/41930
1
reference_url http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url http://securitytracker.com/id?1024624
2
reference_url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
3
reference_url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
4
reference_url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
reference_id
reference_type
scores
url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
5
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
reference_id
reference_type
scores
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
6
reference_url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
7
reference_url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
8
reference_url http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/2719
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
reference_id CVE-2010-3933
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
reference_id CVE-2010-3933.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
11
reference_url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
reference_id GHSA-gjxw-5w2q-7grf
reference_type
scores
url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
fixed_packages
0
url pkg:gem/rails@2.3.10
purl pkg:gem/rails@2.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.10
1
url pkg:gem/rails@3.0.1
purl pkg:gem/rails@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.1
aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.1