Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activerecord@2.3.0

Type gem

Namespace

Name activerecord

Version 2.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.1.5.2

Latest_non_vulnerable_version 8.0.2.1

Affected_by_vulnerabilities

url VCID-57uk-2vgz-kyhn

vulnerability_id VCID-57uk-2vgz-kyhn

summary

Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1863.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1863.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0699

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0699

reference_url

https://access.redhat.com/errata/RHSA-2014:1863

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1863

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_id

reference_type

scores

value	0.01795
scoring_system	epss
scoring_elements	0.83081
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE

reference_url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_url

http://support.apple.com/kb/HT5784

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.apple.com/kb/HT5784

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_id

CVE-2013-1854

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_id

CVE-2013-1854

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_id

CVE-2013-1854.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_url

https://github.com/advisories/GHSA-3crr-9vmg-864v

reference_id

GHSA-3crr-9vmg-864v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3crr-9vmg-864v

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url pkg:gem/activerecord@2.3.18

purl pkg:gem/activerecord@2.3.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12f4-gcj5-h3cu

vulnerability	VCID-1r5t-n9ys-zbbu

vulnerability	VCID-2dgz-cqjx-bkaw

vulnerability	VCID-3gxu-74a5-m7cv

vulnerability	VCID-57uk-2vgz-kyhn

vulnerability	VCID-9xfd-d2ff-uuec

vulnerability	VCID-c3hd-njh3-b3bg

vulnerability	VCID-d7z6-98fp-r3g2

vulnerability	VCID-jhtd-7tmy-jfaj

vulnerability	VCID-jug9-esjy-8fh5

vulnerability	VCID-v12d-fr9k-7ufu

vulnerability	VCID-zy5d-6a4f-wua5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.18

url pkg:gem/activerecord@3.0.0

purl pkg:gem/activerecord@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12f4-gcj5-h3cu

vulnerability	VCID-1r5t-n9ys-zbbu

vulnerability	VCID-2dgz-cqjx-bkaw

vulnerability	VCID-2vex-unxw-jub9

vulnerability	VCID-31rm-1rpc-g3dq

vulnerability	VCID-3gxu-74a5-m7cv

vulnerability	VCID-3sqw-5cpa-5qgg

vulnerability	VCID-57uk-2vgz-kyhn

vulnerability	VCID-9xfd-d2ff-uuec

vulnerability	VCID-c3hd-njh3-b3bg

vulnerability	VCID-d7z6-98fp-r3g2

vulnerability	VCID-hvhe-s78h-p3bk

vulnerability	VCID-jhtd-7tmy-jfaj

vulnerability	VCID-jug9-esjy-8fh5

vulnerability	VCID-k8rq-jbrg-3qb3

vulnerability	VCID-p5sk-7xnp-fygg

vulnerability	VCID-v12d-fr9k-7ufu

vulnerability	VCID-vvth-cjt4-akg8

vulnerability	VCID-yd25-ket2-67d3

vulnerability	VCID-zy5d-6a4f-wua5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0

url pkg:gem/activerecord@3.1.12

purl pkg:gem/activerecord@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12f4-gcj5-h3cu

vulnerability	VCID-1r5t-n9ys-zbbu

vulnerability	VCID-2dgz-cqjx-bkaw

vulnerability	VCID-3gxu-74a5-m7cv

vulnerability	VCID-57uk-2vgz-kyhn

vulnerability	VCID-9xfd-d2ff-uuec

vulnerability	VCID-c3hd-njh3-b3bg

vulnerability	VCID-d7z6-98fp-r3g2

vulnerability	VCID-jhtd-7tmy-jfaj

vulnerability	VCID-jug9-esjy-8fh5

vulnerability	VCID-k8rq-jbrg-3qb3

vulnerability	VCID-v12d-fr9k-7ufu

vulnerability	VCID-zy5d-6a4f-wua5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12

url pkg:gem/activerecord@3.2.13

purl pkg:gem/activerecord@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12f4-gcj5-h3cu

vulnerability	VCID-1r5t-n9ys-zbbu

vulnerability	VCID-2dgz-cqjx-bkaw

vulnerability	VCID-3gxu-74a5-m7cv

vulnerability	VCID-57uk-2vgz-kyhn

vulnerability	VCID-9xfd-d2ff-uuec

vulnerability	VCID-c3hd-njh3-b3bg

vulnerability	VCID-d7z6-98fp-r3g2

vulnerability	VCID-jhtd-7tmy-jfaj

vulnerability	VCID-jug9-esjy-8fh5

vulnerability	VCID-k8rq-jbrg-3qb3

vulnerability	VCID-v12d-fr9k-7ufu

vulnerability	VCID-zy5d-6a4f-wua5

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13

aliases CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57uk-2vgz-kyhn

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.0

Package Instance