{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"rails","version":"2:6.1.7.3+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:6.1.7.10+dfsg-1~deb12u1","latest_non_vulnerable_version":"2:7.2.3.1+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17833?format=json","vulnerability_id":"VCID-19fr-55kr-hyax","summary":"rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements\nNOTE: rails-ujs is part of Rails/actionview since 5.1.0.\n\nThere is a potential DOM based cross-site scripting issue in rails-ujs\nwhich leverages the Clipboard API to target HTML elements that are\nassigned the contenteditable attribute. This has the potential to\noccur when pasting malicious HTML content from the clipboard that\nincludes a data-method, data-remote or data-disable-with attribute.\n\nThis vulnerability has been assigned the CVE identifier CVE-2023-23913.\n\nNot affected: < 5.1.0\nVersions Affected: >= 5.1.0\nFixed Versions: 6.1.7.3, 7.0.4.3\n\nImpact\nIf the specified malicious HTML clipboard content is provided to a\ncontenteditable element, this could result in the arbitrary execution\nof javascript on the origin in question.\n\nReleases\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\nWe recommend that all users upgrade to one of the FIXED versions.\nIn the meantime, users can attempt to mitigate this vulnerability\nby removing the contenteditable attribute from elements in pages\nthat rails-ujs will interact with.\n\nPatches\nTo aid users who aren’t able to upgrade immediately we have provided\npatches for the two supported release series. 
They are in git-am\nformat and consist of a single changeset.\n\n* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series\n* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are\nsupported at present, and 6.0.Z for severe vulnerabilities.\n\nUsers of earlier unsupported releases are advised to upgrade as\nsoon as possible as we cannot guarantee the continued availability\nof security fixes for unsupported releases.\n\nCredits\nWe would like to thank ryotak 15 for reporting this!\n\n* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)\n* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)\n* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23913","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30226","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30353","published_at":"2026-04-04T12:55:00Z"}
,{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35481","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35905","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35856","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35596","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35509","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35394","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35465","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35486","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35392","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35414","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23913"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1
033263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd"},{"reference_url":"https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240605-0007","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240605-0007"},{"reference_url":"https://www.debian.org/security/2023/dsa-5389","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://www.debian.org/security/2023/dsa-5389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182160","reference_id":"2182160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182160"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23913","reference_id":"CVE-2023-23913","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:
L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23913"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml","reference_id":"CVE-2023-23913.YML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml"},{"reference_url":"https://github.com/advisories/GHSA-xp5h-f8jf-rc8q","reference_id":"GHSA-xp5h-f8jf-rc8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp5h-f8jf-rc8q"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240605-0007/","reference_id":"ntap-20240605-0007","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240605-0007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerable
code.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937456?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerab
lecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-23913","GHSA-xp5h-f8jf-rc8q"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19fr-55kr-hyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16802?format=json","vulnerability_id":"VCID-1rxp-g9rz-4yb3","summary":"Possible XSS Security Vulnerability in SafeBuffer#bytesplice\nThere is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.\nThis vulnerability has been assigned the CVE identifier CVE-2023-28120.\n\nVersions Affected: All. 
Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3\n\n# Impact\n\nActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.\nWhen these strings are mutated, the tag should be removed to mark them as no longer being html_safe.\n\nRuby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation.\nUsers on older versions of Ruby are likely unaffected.\n\nAll users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\n\nAvoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28120","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60317","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60411","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60389","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60403","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60323","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60366","p
ublished_at":"2026-04-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60349","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60402","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60356","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60397","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60409","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60419","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61162","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61135","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61173","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6122","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO","reference_id":"","reference_type":"","scores":[{"value"
:"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0006","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0006"},{"reference_url":"https://www.debian.org/security/2023/dsa-5389","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5389"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262","reference_id":"1033262","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179637","reference_id":"2179637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179637"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28120","reference_id":"CVE-2023-28120","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28120"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/b
lob/master/gems/activesupport/CVE-2023-28120.yml","reference_id":"CVE-2023-28120.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml"},{"reference_url":"https://github.com/advisories/GHSA-pj73-v5mw-pm9j","reference_id":"GHSA-pj73-v5mw-pm9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj73-v5mw-pm9j"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0006/","reference_id":"ntap-20240202-0006","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1953","reference_id":"RHSA-2023:1953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3495","reference_id":"RHSA-2023:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3495"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/","reference_id":"UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://lists.fedoraproject.org/archives/
list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/","reference_id":"ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability"
:"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937456?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://pub
lic2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-28120","GHSA-pj73-v5mw-pm9j","GMS-2023-765"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rxp-g9rz-4yb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16106?format=json","vulnerability_id":"VCID-63gy-6njy-kbd8","summary":"ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. 
This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792","reference_id":"","reference_type":"","scores":[{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84791","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84759","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84743","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84747","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.8473","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84704","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.8469","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.84652","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02264","scoring_system":"epss","scoring_elements":"0.8468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85663","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85646","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.8567","published_at":"2026-04-07T12:55
:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85715","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85711","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85707","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85729","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85734","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"http
s://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/r
ails/rails"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800","reference_id":"2164800","reference_type":"","scores":[],"u
rl":"https://bugzilla.redhat.com/show_bug.cgi?id=2164800"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792","reference_id":"CVE-2023-22792","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22792"},{"reference_url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj","reference_id":"GHSA-p84v-45xj-wwqj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p84v-45xj-wwqj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0007/","reference_id":"ntap-20240202-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937488?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"}
,{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulne
rablecode.io/api/packages/937456?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-22792","GHSA-p84v-45xj-wwqj","GMS-2023-58"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63gy-6njy-kbd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16095?format=json","vulnerability_id":"VCID-6ku5-mtgz-zygw","summary":"Duplicate\nThis advisory duplicates 
another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22796","reference_id":"","reference_type":"","scores":[{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81201","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81159","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81141","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81146","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81123","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81101","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81087","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81079","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81049","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01484","scoring_system":"epss","scoring_elements":"0.81071","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.8242","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82424","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82448","publish
ed_at":"2026-04-08T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82454","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82473","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.825","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"ht
tps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/2164d4f6a1
bde74b911fe9ba3c8df1b5bf345bf8"},{"reference_url":"https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164736","reference_id":"2164736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164736"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22796","reference_id":"CVE-2023-22796","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22796"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml","reference_id":"CVE-2023-22796.YML","reference_typ
e":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml"},{"reference_url":"https://github.com/advisories/GHSA-j6gc-792m-qgm2","reference_id":"GHSA-j6gc-792m-qgm2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6gc-792m-qgm2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0009/","reference_id":"ntap-20240202-0009","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240202-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4341","reference_id":"RHSA-2023:4341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937488?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vulne
rability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937456?format=json","p
url":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-22796","GHSA-j6gc-792m-qgm2","GMS-2023-61"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku5-mtgz-zygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16390?format=json","vulnerability_id":"VCID-hppf-a715-r7b2","summary":"ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. 
This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795","reference_id":"","reference_type":"","scores":[{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.7994","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79902","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79885","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79889","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79782","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79848","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79819","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79812","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.79873","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81267","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.8121","published_at":"2026-04-02T12:
55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81234","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81262","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81288","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81274","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81266","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81303","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01523","scoring_system":"epss","scoring_elements":"0.81305","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"ht
tps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":
""}],"url":"https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f"},{"reference_url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0"},{"reference_url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_
type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799","reference_id":"2164799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164799"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795","reference_id":"CVE-2023-22795","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22795"},{"reference_url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv","reference_id":"GHSA-8xww-x3g3-6jcv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xww-x3g3-6jcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937488?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/p
kg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937456?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages
/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-22795","GHSA-8xww-x3g3-6jcv","GMS-2023-56"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16096?format=json","vulnerability_id":"VCID-sygb-mygd-s3gb","summary":"Duplicate\nThis advisory duplicates 
another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81448","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81507","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81511","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81489","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.8147","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81452","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81565","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81525","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.8144","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02076","scoring_system":"epss","scoring_elements":"0.83996","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.8507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85087","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.8512","published_
at":"2026-04-09T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85091","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.8515","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02421","scoring_system":"epss","scoring_elements":"0.85134","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566"},{"reference_url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13
:43:31Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf"},{"reference_url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.
1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid"},{"reference_url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.c
gi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789","reference_id":"2164789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566","reference_id":"CVE-2022-44566","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml","reference_id":"CVE-2022-44566.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml"},{"reference_url":"https://github.com/advisories/GHSA-579w-22j4-4749","reference_id":"GHSA-579w-22j4-4749","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-579w-22j4-4749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vuln
erability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937493?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vk
un-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937456?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-44566","GHSA-579w-22j4-4749","GMS-2023-59"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sygb-mygd-s3gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16111?format=json","vulnerability_id":"VCID-t9yh-ss8z-e3cb","summary":"Duplicate\nThis advisory duplicates 
another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22794","reference_id":"","reference_type":"","scores":[{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90545","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90531","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90522","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90525","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90477","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90514","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90489","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05757","scoring_system":"epss","scoring_elements":"0.90485","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.91179","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.9117","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.91186","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.91239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.9124","publishe
d_at":"2026-04-16T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.91216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.91213","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06659","scoring_system":"epss","scoring_elements":"0.912","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cv
ename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3
.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0008","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240202-0008"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240202-0008/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20240202-0008/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164785","reference_id":"2164785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164785"},{"reference_url":"https://nvd.nist.go
v/vuln/detail/CVE-2023-22794","reference_id":"CVE-2023-22794","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22794"},{"reference_url":"https://github.com/advisories/GHSA-hq7p-j377-6v63","reference_id":"GHSA-hq7p-j377-6v63","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq7p-j377-6v63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937488?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937455?format=json","purl":"pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-n8r7-wthv-fqaj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937492?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=tr
ixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937453?format=json","purl":"pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937458?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937456?format=json","purl":"pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937457?format=json","purl":"pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie","is_vu
lnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4tzv-1t1b-t3g3"},{"vulnerability":"VCID-5tky-d2en-u7c7"},{"vulnerability":"VCID-96qr-hdbp-p7ff"},{"vulnerability":"VCID-a6z9-5n6k-2kak"},{"vulnerability":"VCID-ad6q-vtdf-syb6"},{"vulnerability":"VCID-hatd-vkun-13hj"},{"vulnerability":"VCID-qxe4-dubt-1kfp"},{"vulnerability":"VCID-sarm-n22v-akcm"},{"vulnerability":"VCID-wpmk-wgpm-cuee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066847?format=json","purl":"pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-22794","GHSA-hq7p-j377-6v63","GMS-2023-60"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9yh-ss8z-e3cb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie"}