Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.24%
46.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | actionpack | 4.0.0 |
| rubyonrails | rails | 0, 4.0.0, 4.0.0 |
Timeline
- Dec 6, 2013 CVE Published
- Aug 8, 2019 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 28, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Jul 10, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
References
- http://www.securityfocus.com/bid/64071 technical
- http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/ url
- [ruby-security-ann] 20131203 [CVE-2013-6416] XSS Vulnerability in simple_format helper mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2013-6416 advisory
- https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454 url
- https://github.com/rails/rails package
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml url
- https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM url
- https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071 url
- http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released url