Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionpack@4.2
Typegem
Namespace
Nameactionpack
Version4.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.1.2.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-7spd-zybv-pbgm
vulnerability_id VCID-7spd-zybv-pbgm
summary 
Possible Information Leak Vulnerability
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2097
reference_id
reference_type
scores
0
value 0.01912
scoring_system epss
scoring_elements 0.83633
published_at 2026-06-04T12:55:00Z
1
value 0.01912
scoring_system epss
scoring_elements 0.83657
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2097
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
13
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
14
reference_url https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122
15
reference_url https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726
16
reference_url https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
17
reference_url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released
18
reference_url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
19
reference_url http://www.debian.org/security/2016/dsa-3509
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3509
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1310043
reference_id 1310043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1310043
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
reference_id CVE-2016-2097
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
22
reference_url https://github.com/advisories/GHSA-vx9j-46rh-fqr8
reference_id GHSA-vx9j-46rh-fqr8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vx9j-46rh-fqr8
23
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
24
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
25
reference_url https://access.redhat.com/errata/RHSA-2016:0456
reference_id RHSA-2016:0456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0456
fixed_packages
aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7spd-zybv-pbgm
1
url VCID-xvsy-e7fv-1ufe
vulnerability_id VCID-xvsy-e7fv-1ufe
summary 
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7818
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44743
published_at 2026-06-05T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.4475
published_at 2026-06-06T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44674
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818
4
reference_url https://github.com/advisories/GHSA-29gr-w57f-rpfw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-29gr-w57f-rpfw
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml
6
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
7
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7818
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7818
9
reference_url https://puppet.com/security/cve/cve-2014-7829
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2014-7829
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1161499
reference_id 1161499
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1161499
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id 770934
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
fixed_packages
aliases CVE-2014-7818, GHSA-29gr-w57f-rpfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvsy-e7fv-1ufe
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2