VulnerableCode Vulnerability Details - VCID-4epw-vk25-mfdw

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4epw-vk25-mfdw

Essentials
Severities (26)
References (188)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4epw-vk25-mfdw
Aliases	CVE-2013-1855 GHSA-q759-hwvc-m3jg OSV-91452
Summary	XSS vulnerability in sanitize_css in Action Pack Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2013-0698.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2014-1863.html
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2013:0698
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2014:1863
generic_textual	MODERATE	https://access.redhat.com/security/cve/CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2013-1855
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=921331
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-q759-hwvc-m3jg
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml
generic_textual	MODERATE	https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2013-1855
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2013-1855
generic_textual	MODERATE	http://support.apple.com/kb/HT5784
generic_textual	MODERATE	https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
generic_textual	MODERATE	https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
generic_textual	MODERATE	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

Reference id	Reference type	URL
		http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
		http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
		http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
		http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
		http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
		http://rhn.redhat.com/errata/RHSA-2013-0698.html
		http://rhn.redhat.com/errata/RHSA-2014-1863.html
		https://access.redhat.com/errata/RHSA-2013:0698
		https://access.redhat.com/errata/RHSA-2014:1863
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json
		https://access.redhat.com/security/cve/CVE-2013-1855
		https://api.first.org/data/v1/epss?cve=CVE-2013-1855
		https://bugzilla.redhat.com/show_bug.cgi?id=921331
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml
		https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
		https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
		https://nvd.nist.gov/vuln/detail/CVE-2013-1855
		http://support.apple.com/kb/HT5784
		https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
		https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
		http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
		http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
GHSA-q759-hwvc-m3jg		https://github.com/advisories/GHSA-q759-hwvc-m3jg
GLSA-201412-28		https://security.gentoo.org/glsa/201412-28

No exploits are available.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1855

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Percentile	0.67385
EPSS Score	0.00536
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:46:48.810208+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-1855.yml	38.0.0