VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-22mb-6waa-kqfs

Essentials
Severities (30)
References (21)
Severity details (27)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-22mb-6waa-kqfs
Aliases	CVE-2015-4410 GHSA-f93j-hmcr-jcwh
Summary	The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-185	Incorrect Regular Expression
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html
cvssv3	7.5	http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
cvssv3.1	7.5	http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
generic_textual	HIGH	http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
epss	0.01937	https://api.first.org/data/v1/epss?cve=CVE-2015-4410
epss	0.01937	https://api.first.org/data/v1/epss?cve=CVE-2015-4410
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=1229757
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=1229757
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-f93j-hmcr-jcwh
cvssv3.1	7.5	https://github.com/mongoid/moped
generic_textual	HIGH	https://github.com/mongoid/moped
cvssv3.1	7.5	https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
generic_textual	HIGH	https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
cvssv3.1	7.5	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/moped/CVE-2015-4410.yml
generic_textual	HIGH	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/moped/CVE-2015-4410.yml
cvssv3.1	7.5	https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html
generic_textual	HIGH	https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2015-4410
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2015-4410
cvssv3.1	7.5	https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
generic_textual	HIGH	https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
cvssv3.1	7.5	https://seclists.org/oss-sec/2015/q2/653
generic_textual	HIGH	https://seclists.org/oss-sec/2015/q2/653
cvssv3.1	7.5	https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045
generic_textual	HIGH	https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2015/06/06/3
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2015/06/06/3

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html
		http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4410.json
		http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
		https://api.first.org/data/v1/epss?cve=CVE-2015-4410
		https://bugzilla.redhat.com/show_bug.cgi?id=1229757
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4410
		http://seclists.org/oss-sec/2015/q2/653
		https://github.com/mongoid/moped
		https://github.com/mongoid/moped/commit/276fbfd23c5ffb65e6bd18d564c8b6878c2498ac
		https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
		https://github.com/mongoid/moped/commit/fdaf918995526c1554d304af2da9f04c69187402
		https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html
		https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
		https://seclists.org/oss-sec/2015/q2/653
		https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045
		http://www.openwall.com/lists/oss-security/2015/06/06/3
787951		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787951
CVE-2015-4410		https://nvd.nist.gov/vuln/detail/CVE-2015-4410
CVE-2015-4410.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/moped/CVE-2015-4410.yml
GHSA-f93j-hmcr-jcwh		https://github.com/advisories/GHSA-f93j-hmcr-jcwh

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1229757

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mongoid/moped

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/moped/CVE-2015-4410.yml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-4410

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://seclists.org/oss-sec/2015/q2/653

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2015/06/06/3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.83795
EPSS Score	0.01937
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:25:27.045337+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0