VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
generic_textual	HIGH	http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-jmm9-2p29-vh2w
generic_textual	HIGH	https://github.com/rails/rails
generic_textual	HIGH	https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
generic_textual	HIGH	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2011-0448
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2011-0448
generic_textual	HIGH	https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
generic_textual	HIGH	http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

System

Score

Found at

generic_textual

HIGH

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

generic_textual

HIGH

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

epss

0.00689

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

cvssv3.1_qr

HIGH

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

generic_textual

HIGH

https://github.com/rails/rails

generic_textual

HIGH

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

generic_textual

HIGH

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

cvssv2

7.5

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

generic_textual

HIGH

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

generic_textual

HIGH

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

generic_textual

HIGH

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Reference id	Reference type	URL
		http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
		http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
		https://api.first.org/data/v1/epss?cve=CVE-2011-0448
		http://secunia.com/advisories/43278
		http://securitytracker.com/id?1025063
		https://github.com/rails/rails
		https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
		https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
		http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
		http://www.vupen.com/english/advisories/2011/0877
cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
CVE-2011-0448		https://nvd.nist.gov/vuln/detail/CVE-2011-0448
GHSA-jmm9-2p29-vh2w		https://github.com/advisories/GHSA-jmm9-2p29-vh2w
GLSA-201412-28		https://security.gentoo.org/glsa/201412-28

Reference id

Reference type

URL

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

http://secunia.com/advisories/43278

http://securitytracker.com/id?1025063

https://github.com/rails/rails

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

http://www.vupen.com/english/advisories/2011/0877

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

CVE-2011-0448

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

GHSA-jmm9-2p29-vh2w

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

GLSA-201412-28

https://security.gentoo.org/glsa/201412-28

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:47:27.902593+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2011-0448.yml	38.0.0

2026-04-01T12:47:27.902593+00:00

GitLab Importer

Import

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2011-0448.yml

38.0.0

Vulnerability ID	VCID-y54w-a8kr-suhy
Aliases	CVE-2011-0448 GHSA-jmm9-2p29-vh2w
Summary	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Percentile	0.71712
EPSS Score	0.00689
Published At	April 7, 2026, 12:55 p.m.