{"url":"http://public2.vulnerablecode.io/api/packages/54500?format=json","purl":"pkg:gem/actionpack@3.0.16","type":"gem","namespace":"","name":"actionpack","version":"3.0.16","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.0.17","latest_non_vulnerable_version":"7.1.3.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39071?format=json","vulnerability_id":"VCID-dx34-zm9p-1ydc","summary":"actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method. Symbols were not garbage-collected by the Ruby runtimes of that era, so the memory they consume is never reclaimed.","references":[{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424","reference_id":"CVE-2012-3424","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3424"},{"reference_url":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj","reference_id":"GHSA-92w9-2pqw-rhjj","reference_type":"","scores":[],"ur
l":"https://github.com/advisories/GHSA-92w9-2pqw-rhjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54503?format=json","purl":"pkg:gem/actionpack@2.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/54500?format=json","purl":"pkg:gem/actionpack@3.0.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/54501?format=json","purl":"pkg:gem/actionpack@3.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54502?format=json","purl":"pkg:gem/actionpack@3.2.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7"}],"aliases":["CVE-2012-3424","GHSA-92w9-2pqw-rhjj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx34-zm9p-1ydc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16"}