Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1052884?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1052884?format=api", "purl": "pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1", "type": "deb", "namespace": "debian", "name": "rubygems", "version": "3.3.15-2+deb12u1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48728?format=api", "vulnerability_id": "VCID-dy2a-n93k-yfgd", "summary": "Dependency Confusion in Bundler\nBundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96106", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96156", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96142", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96152", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.9612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96125", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.24725", "scoring_system": "epss", "scoring_elements": "0.96139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.25206", "scoring_system": "epss", "scoring_elements": "0.96204", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36327" }, { "reference_url": "https://bundler.io/blog/2021/02/15/a-more-secure-bundler-we-fixed-our-source-priorities.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bundler.io/blog/2021/02/15/a-more-secure-bundler-we-fixed-our-source-priorities.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36327" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubygems/rubygems", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems" }, { "reference_url": "https://github.com/rubygems/rubygems/blob/master/bundler/CHANGELOG.md#2218-may-25-2021", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/blob/master/bundler/CHANGELOG.md#2218-may-25-2021" }, { "reference_url": "https://github.com/rubygems/rubygems/commit/078bf682ac40017b309b5fc69f283ff640e7c129", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/commit/078bf682ac40017b309b5fc69f283ff640e7c129" }, { "reference_url": "https://github.com/rubygems/rubygems/issues/3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/issues/3982" }, { "reference_url": "https://github.com/rubygems/rubygems/pull/4609", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/pull/4609" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2020-36327.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2020-36327.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/" }, { "reference_url": "https://mensfeld.pl/2021/02/rubygems-dependency-confusion-attack-side-of-things", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mensfeld.pl/2021/02/rubygems-dependency-confusion-attack-side-of-things" }, { "reference_url": "https://mensfeld.pl/2021/02/rubygems-dependency-confusion-attack-side-of-things/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://mensfeld.pl/2021/02/rubygems-dependency-confusion-attack-side-of-things/" }, { "reference_url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24105", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24105" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36327", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36327" }, { "reference_url": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327" }, { "reference_url": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958999", "reference_id": "1958999", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958999" }, { "reference_url": "https://security.archlinux.org/ASA-202106-14", "reference_id": "ASA-202106-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-14" }, { "reference_url": "https://security.archlinux.org/AVG-1891", "reference_id": "AVG-1891", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1891" }, { "reference_url": "https://github.com/advisories/GHSA-fp4w-jxhp-m23p", "reference_id": "GHSA-fp4w-jxhp-m23p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fp4w-jxhp-m23p" }, { "reference_url": "https://security.gentoo.org/glsa/202408-22", "reference_id": "GLSA-202408-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3020", "reference_id": "RHSA-2021:3020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3559", "reference_id": "RHSA-2021:3559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3982", "reference_id": "RHSA-2021:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0543", "reference_id": "RHSA-2022:0543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0544", "reference_id": "RHSA-2022:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0545", "reference_id": "RHSA-2022:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0546", "reference_id": "RHSA-2022:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0547", "reference_id": "RHSA-2022:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0548", "reference_id": "RHSA-2022:0548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0581", "reference_id": "RHSA-2022:0581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0582", "reference_id": "RHSA-2022:0582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0708", "reference_id": "RHSA-2022:0708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0708" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052884?format=api", "purl": "pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1" } ], "aliases": [ "CVE-2020-36327", "GHSA-fp4w-jxhp-m23p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy2a-n93k-yfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29314?format=api", "vulnerability_id": "VCID-n1ja-n53g-fycm", "summary": "URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+\nThere is a possibility for userinfo leakage by in the uri gem.\nThis vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem.\n\n## Details\n\nThe methods `URI#join`, `URI#merge`, and `URI#+` retained userinfo, such as `user:password`, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using these methods, and having someone access that URL, an unintended userinfo leak could occur.\n\nPlease update URI gem to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or later.\n\n## Affected versions\n\nuri gem versions < 0.11.3, 0.12.0 to 0.12.3, 0.13.0, 0.13.1 and 1.0.0 to 1.0.2.\n\n## Credits\n\nThanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.\nAlso thanks to nobu for additional fixes of this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27221.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1144", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11384", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30715", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33581", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33592", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35907", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37709", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38495", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38651", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27221" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:38:46Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml" }, { "reference_url": "https://github.com/ruby/uri", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri" }, { "reference_url": "https://github.com/ruby/uri/pull/154", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri/pull/154" }, { "reference_url": "https://github.com/ruby/uri/pull/155", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri/pull/155" }, { "reference_url": "https://github.com/ruby/uri/pull/156", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri/pull/156" }, { "reference_url": "https://github.com/ruby/uri/pull/157", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri/pull/157" }, { "reference_url": "https://hackerone.com/reports/2957667", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:38:46Z/" } ], "url": "https://hackerone.com/reports/2957667" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27221", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27221" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-27221", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221" }, { "reference_url": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103794", "reference_id": "1103794", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349700", "reference_id": "2349700", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349700" }, { "reference_url": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2", "reference_id": "GHSA-22h5-pq3x-2gf2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10217", "reference_id": "RHSA-2025:10217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4063", "reference_id": "RHSA-2025:4063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4488", "reference_id": "RHSA-2025:4488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4493", "reference_id": "RHSA-2025:4493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8131", "reference_id": "RHSA-2025:8131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8131" }, { "reference_url": "https://usn.ubuntu.com/7418-1/", "reference_id": "USN-7418-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7418-1/" }, { "reference_url": "https://usn.ubuntu.com/7442-1/", "reference_id": "USN-7442-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7442-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052884?format=api", "purl": "pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1" } ], "aliases": [ "CVE-2025-27221", "GHSA-22h5-pq3x-2gf2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1ja-n53g-fycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17020?format=api", "vulnerability_id": "VCID-uxdx-abx7-fkdy", "summary": "Ruby URI component ReDoS issue\nA ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28755.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53634", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55304", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55291", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55239", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56541", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57963", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58615", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28755" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ruby/uri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri" }, { "reference_url": "https://github.com/ruby/uri/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/uri/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z" }, { "reference_url": "https://security.gentoo.org/glsa/202401-27", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://security.gentoo.org/glsa/202401-27" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230526-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230526-0003" }, { "reference_url": "https://www.ruby-lang.org/en/downloads/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ruby-lang.org/en/downloads/releases" }, { "reference_url": "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released" }, { "reference_url": "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036283", "reference_id": "1036283", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036283" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038408", "reference_id": "1038408", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184059", "reference_id": "2184059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184059" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF/", "reference_id": "27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28755", "reference_id": "CVE-2023-28755", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28755" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml", "reference_id": "CVE-2023-28755.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/", "reference_id": "FFZANOQA4RYX7XCB42OO3P24DQKWHEKA", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/", "reference_id": "G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/" }, { "reference_url": "https://github.com/advisories/GHSA-hv5j-3h9f-99c2", "reference_id": "GHSA-hv5j-3h9f-99c2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hv5j-3h9f-99c2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230526-0003/", "reference_id": "ntap-20230526-0003", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230526-0003/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ/", "reference_id": "QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ/" }, { "reference_url": "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/", "reference_id": "redos-in-uri-cve-2023-28755", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/" }, { "reference_url": "https://github.com/ruby/uri/releases/", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://github.com/ruby/uri/releases/" }, { "reference_url": "https://www.ruby-lang.org/en/downloads/releases/", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://www.ruby-lang.org/en/downloads/releases/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3291", "reference_id": "RHSA-2023:3291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3821", "reference_id": "RHSA-2023:3821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7025", "reference_id": "RHSA-2023:7025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1431", "reference_id": "RHSA-2024:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1576", "reference_id": "RHSA-2024:1576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3500", "reference_id": "RHSA-2024:3500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3838", "reference_id": "RHSA-2024:3838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3838" }, { "reference_url": "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/", "reference_id": "ruby-3-2-0-released", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/" }, { "reference_url": "https://usn.ubuntu.com/6055-1/", "reference_id": "USN-6055-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6055-1/" }, { "reference_url": "https://usn.ubuntu.com/6055-2/", "reference_id": "USN-6055-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6055-2/" }, { "reference_url": "https://usn.ubuntu.com/6087-1/", "reference_id": "USN-6087-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6087-1/" }, { "reference_url": "https://usn.ubuntu.com/6181-1/", "reference_id": "USN-6181-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6181-1/" }, { "reference_url": "https://usn.ubuntu.com/6219-1/", "reference_id": "USN-6219-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6219-1/" }, { "reference_url": "https://usn.ubuntu.com/7735-1/", "reference_id": "USN-7735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7735-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/", "reference_id": "WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:38:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052884?format=api", "purl": "pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1" } ], "aliases": [ "CVE-2023-28755", "GHSA-hv5j-3h9f-99c2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdx-abx7-fkdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11706?format=api", "vulnerability_id": "VCID-xbrw-47yv-wqcr", "summary": "Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.\nIn `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false.\n\nTo handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the\ncommands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables.\n\nSince this value comes from the `Gemfile` file, it can contain any character, including a leading dash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01319", "scoring_system": "epss", "scoring_elements": "0.79899", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.8149", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81363", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81372", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81394", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81393", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81421", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81427", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81448", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81436", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81466", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81467", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubygems/rubygems", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems" }, { "reference_url": "https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3" }, { "reference_url": "https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f" }, { "reference_url": "https://github.com/rubygems/rubygems/pull/5142", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/pull/5142" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html" }, { "reference_url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035260", "reference_id": "2035260", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035260" }, { "reference_url": "https://security.archlinux.org/AVG-2615", "reference_id": "AVG-2615", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2615" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43809", "reference_id": "CVE-2021-43809", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43809" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml", "reference_id": "CVE-2021-43809.YML", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fj7f-vq84-fh43", "reference_id": "GHSA-fj7f-vq84-fh43", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fj7f-vq84-fh43" }, { "reference_url": "https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43", "reference_id": "GHSA-fj7f-vq84-fh43", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43" }, { "reference_url": "https://security.gentoo.org/glsa/202408-22", "reference_id": "GLSA-202408-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7539", "reference_id": "RHSA-2025:7539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7539" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052884?format=api", "purl": "pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1" } ], "aliases": [ "CVE-2021-43809", "GHSA-fj7f-vq84-fh43" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbrw-47yv-wqcr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1" }