Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/activesupport@6.1.0
Typegem
Namespace
Nameactivesupport
Version6.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.2.3.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-1c3z-t7sf-vqec
vulnerability_id VCID-1c3z-t7sf-vqec
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33176
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.0971
published_at 2026-06-11T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09751
published_at 2026-06-14T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09762
published_at 2026-06-13T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.0976
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33176.yml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33176
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33176
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
8
reference_url https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb
reference_id 19dbab51ca086a657bb86458042bc44314916bcb
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450551
reference_id 2450551
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450551
10
reference_url https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a
reference_id ebd6be18120d1136511eb516338e27af25ac0a1a
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a
11
reference_url https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856
reference_id ee2c59e730e5b8faed502cd2c573109df093f856
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856
12
reference_url https://github.com/advisories/GHSA-2j26-frm8-cmj9
reference_id GHSA-2j26-frm8-cmj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j26-frm8-cmj9
13
reference_url https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9
reference_id GHSA-2j26-frm8-cmj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9
14
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
15
reference_url https://access.redhat.com/errata/RHSA-2026:14873
reference_id RHSA-2026:14873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14873
16
reference_url https://access.redhat.com/errata/RHSA-2026:14874
reference_id RHSA-2026:14874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14874
17
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id v7.2.3.1
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
18
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id v8.0.4.1
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
19
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id v8.1.2.1
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
fixed_packages
0
url pkg:gem/activesupport@7.2.3.1
purl pkg:gem/activesupport@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1
1
url pkg:gem/activesupport@8.0.0.beta1
purl pkg:gem/activesupport@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1
2
url pkg:gem/activesupport@8.0.4.1
purl pkg:gem/activesupport@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1
3
url pkg:gem/activesupport@8.1.0.beta1
purl pkg:gem/activesupport@8.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1
4
url pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1
aliases CVE-2026-33176, GHSA-2j26-frm8-cmj9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1c3z-t7sf-vqec
1
url VCID-gujm-trnh-fqaa
vulnerability_id VCID-gujm-trnh-fqaa
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22796
reference_id
reference_type
scores
0
value 0.01484
scoring_system epss
scoring_elements 0.81483
published_at 2026-06-14T12:55:00Z
1
value 0.01484
scoring_system epss
scoring_elements 0.81492
published_at 2026-06-13T12:55:00Z
2
value 0.01484
scoring_system epss
scoring_elements 0.81424
published_at 2026-06-11T12:55:00Z
3
value 0.01484
scoring_system epss
scoring_elements 0.81484
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22796
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
14
reference_url https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8
15
reference_url https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef
16
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
17
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22796
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22796
20
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164736
reference_id 2164736
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164736
23
reference_url https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
reference_id 82116
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/
url https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
24
reference_url https://www.debian.org/security/2023/dsa-5372
reference_id dsa-5372
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/
url https://www.debian.org/security/2023/dsa-5372
25
reference_url https://github.com/advisories/GHSA-j6gc-792m-qgm2
reference_id GHSA-j6gc-792m-qgm2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6gc-792m-qgm2
26
reference_url https://security.netapp.com/advisory/ntap-20240202-0009/
reference_id ntap-20240202-0009
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/
url https://security.netapp.com/advisory/ntap-20240202-0009/
27
reference_url https://access.redhat.com/errata/RHSA-2023:4341
reference_id RHSA-2023:4341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4341
28
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/activesupport@6.1.7.1
purl pkg:gem/activesupport@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-gujm-trnh-fqaa
2
vulnerability VCID-jgeh-r771-5fcf
3
vulnerability VCID-ky23-ggur-b3dn
4
vulnerability VCID-sbb8-q7rv-ukh5
5
vulnerability VCID-u15m-jr9m-wyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.1
1
url pkg:gem/activesupport@7.0.4.1
purl pkg:gem/activesupport@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-gujm-trnh-fqaa
2
vulnerability VCID-jgeh-r771-5fcf
3
vulnerability VCID-ky23-ggur-b3dn
4
vulnerability VCID-sbb8-q7rv-ukh5
5
vulnerability VCID-u15m-jr9m-wyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.1
aliases CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gujm-trnh-fqaa
2
url VCID-jgeh-r771-5fcf
vulnerability_id VCID-jgeh-r771-5fcf
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28120
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61525
published_at 2026-06-11T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61633
published_at 2026-06-14T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61637
published_at 2026-06-13T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61629
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28120
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28120
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28120
9
reference_url https://security.netapp.com/advisory/ntap-20240202-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240202-0006
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262
reference_id 1033262
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179637
reference_id 2179637
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179637
12
reference_url https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
reference_id 3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
13
reference_url https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
reference_id 82469
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
14
reference_url https://www.debian.org/security/2023/dsa-5389
reference_id dsa-5389
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://www.debian.org/security/2023/dsa-5389
15
reference_url https://github.com/advisories/GHSA-pj73-v5mw-pm9j
reference_id GHSA-pj73-v5mw-pm9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pj73-v5mw-pm9j
16
reference_url https://security.netapp.com/advisory/ntap-20240202-0006/
reference_id ntap-20240202-0006
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://security.netapp.com/advisory/ntap-20240202-0006/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1953
reference_id RHSA-2023:1953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1953
18
reference_url https://access.redhat.com/errata/RHSA-2023:3495
reference_id RHSA-2023:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3495
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/
reference_id UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/
reference_id ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/
fixed_packages
0
url pkg:gem/activesupport@6.1.7.3
purl pkg:gem/activesupport@6.1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
3
vulnerability VCID-u15m-jr9m-wyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.3
1
url pkg:gem/activesupport@7.0.4.3
purl pkg:gem/activesupport@7.0.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
3
vulnerability VCID-u15m-jr9m-wyd3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.4.3
aliases CVE-2023-28120, GHSA-pj73-v5mw-pm9j, GMS-2023-765
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgeh-r771-5fcf
3
url VCID-ky23-ggur-b3dn
vulnerability_id VCID-ky23-ggur-b3dn
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33169
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06152
published_at 2026-06-11T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06151
published_at 2026-06-14T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.06165
published_at 2026-06-13T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.06174
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33169
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33169.yml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33169
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33169
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450556
reference_id 2450556
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450556
9
reference_url https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11
reference_id 29154f1097da13d48fdb3200760b3e3da66dcb11
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11
10
reference_url https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974
reference_id b54a4b373c6f042cab6ee2033246b1c9ecc38974
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974
11
reference_url https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49
reference_id ec1a0e215efd27a3b3911aae6df978a80f456a49
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49
12
reference_url https://github.com/advisories/GHSA-cg4j-q9v8-6v38
reference_id GHSA-cg4j-q9v8-6v38
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg4j-q9v8-6v38
13
reference_url https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38
reference_id GHSA-cg4j-q9v8-6v38
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38
14
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id v7.2.3.1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
15
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id v8.0.4.1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
16
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id v8.1.2.1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
fixed_packages
0
url pkg:gem/activesupport@7.2.3.1
purl pkg:gem/activesupport@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1
1
url pkg:gem/activesupport@8.0.0.beta1
purl pkg:gem/activesupport@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1
2
url pkg:gem/activesupport@8.0.4.1
purl pkg:gem/activesupport@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1
3
url pkg:gem/activesupport@8.1.0.beta1
purl pkg:gem/activesupport@8.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1
4
url pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1
aliases CVE-2026-33169, GHSA-cg4j-q9v8-6v38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ky23-ggur-b3dn
4
url VCID-sbb8-q7rv-ukh5
vulnerability_id VCID-sbb8-q7rv-ukh5
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33170
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01511
published_at 2026-06-11T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01527
published_at 2026-06-14T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01518
published_at 2026-06-13T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01515
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33170
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2026-33170.yml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33170
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33170
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id 1132035
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450543
reference_id 2450543
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450543
9
reference_url https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7
reference_id 50d732af3b7c8aaf63cbcca0becbc00279b215b7
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7
10
reference_url https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db
reference_id 6e8a81108001d58043de9e54a06fca58962fc2db
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db
11
reference_url https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb
reference_id c1ad0e8e1972032f3395853a5e99cea035035beb
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb
12
reference_url https://github.com/advisories/GHSA-89vf-4333-qx8v
reference_id GHSA-89vf-4333-qx8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-89vf-4333-qx8v
13
reference_url https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v
reference_id GHSA-89vf-4333-qx8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v
14
reference_url https://github.com/rails/rails/releases/tag/v7.2.3.1
reference_id v7.2.3.1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/releases/tag/v7.2.3.1
15
reference_url https://github.com/rails/rails/releases/tag/v8.0.4.1
reference_id v8.0.4.1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/releases/tag/v8.0.4.1
16
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id v8.1.2.1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
fixed_packages
0
url pkg:gem/activesupport@7.2.3.1
purl pkg:gem/activesupport@7.2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.2.3.1
1
url pkg:gem/activesupport@8.0.0.beta1
purl pkg:gem/activesupport@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.0.beta1
2
url pkg:gem/activesupport@8.0.4.1
purl pkg:gem/activesupport@8.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.0.4.1
3
url pkg:gem/activesupport@8.1.0.beta1
purl pkg:gem/activesupport@8.1.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.0.beta1
4
url pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@8.1.2.1
aliases CVE-2026-33170, GHSA-89vf-4333-qx8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbb8-q7rv-ukh5
5
url VCID-u15m-jr9m-wyd3
vulnerability_id VCID-u15m-jr9m-wyd3
summary 
ActiveSupport::EncryptedFile writes contents that will be encrypted to a
temporary file.  The temporary file's permissions are defaulted to the user's
current `umask` settings, meaning that it's possible for other users on the
same system to read the contents of the temporary file.

Attackers that have access to the file system could possibly read the contents
of this temporary file while a user is editing it.

All users running an affected release should either upgrade or use one of the
workarounds immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38037
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.266
published_at 2026-06-12T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26603
published_at 2026-06-14T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.26399
published_at 2026-06-11T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26616
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38037
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731
5
reference_url https://github.com/rails/rails/releases/tag/v7.0.7.1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.7.1
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38037
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38037
8
reference_url https://security.netapp.com/advisory/ntap-20250214-0010
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250214-0010
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057
reference_id 1051057
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236261
reference_id 2236261
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236261
11
reference_url https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544
reference_id 83544
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/
url https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544
12
reference_url https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
reference_id GHSA-cr5q-6q9f-rq6q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
13
reference_url https://access.redhat.com/errata/RHSA-2023:7720
reference_id RHSA-2023:7720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7720
14
reference_url https://access.redhat.com/errata/RHSA-2024:0268
reference_id RHSA-2024:0268
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0268
15
reference_url https://access.redhat.com/errata/RHSA-2024:2010
reference_id RHSA-2024:2010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2010
fixed_packages
0
url pkg:gem/activesupport@6.1.7.5
purl pkg:gem/activesupport@6.1.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.5
1
url pkg:gem/activesupport@7.0.7.1
purl pkg:gem/activesupport@7.0.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1c3z-t7sf-vqec
1
vulnerability VCID-ky23-ggur-b3dn
2
vulnerability VCID-sbb8-q7rv-ukh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.7.1
aliases CVE-2023-38037, GHSA-cr5q-6q9f-rq6q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u15m-jr9m-wyd3
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.0