Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/129235?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/129235?format=api", "purl": "pkg:rpm/redhat/ruby@1.8.5-5.el5_2?arch=3", "type": "rpm", "namespace": "redhat", "name": "ruby", "version": "1.8.5-5.el5_2", "qualifiers": { "arch": "3" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40987?format=api", "vulnerability_id": "VCID-5bte-uex2-f7du", "summary": "Multiple vulnerabilities have been discovered in Ruby that allow for\n attacks including arbitrary code execution and Denial of Service.", "references": [ { "reference_url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90958", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90877", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90887", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90908", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90915", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90924", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90922", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90947", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90945", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06265", "scoring_system": "epss", "scoring_elements": "0.90946", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2664" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/30831", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30831" }, { "reference_url": "http://secunia.com/advisories/30867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30867" }, { "reference_url": "http://secunia.com/advisories/30875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30875" }, { "reference_url": "http://secunia.com/advisories/30894", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30894" }, { "reference_url": "http://secunia.com/advisories/31062", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31062" }, { "reference_url": "http://secunia.com/advisories/31090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31090" }, { "reference_url": "http://secunia.com/advisories/31181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31181" }, { "reference_url": "http://secunia.com/advisories/31256", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31256" }, { "reference_url": "http://secunia.com/advisories/31687", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31687" }, { "reference_url": "http://secunia.com/advisories/33178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33178" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2626" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html" }, { "reference_url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities" }, { "reference_url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" }, { "reference_url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1612" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1618" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { "reference_url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { "reference_url": "http://www.ruby-forum.com/topic/157034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-forum.com/topic/157034" }, { "reference_url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html" }, { "reference_url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/" }, { "reference_url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/29903", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/29903" }, { "reference_url": "http://www.securitytracker.com/id?1020347", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020347" }, { "reference_url": "http://www.ubuntu.com/usn/usn-621-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-621-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1907/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1907/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=450834", "reference_id": "450834", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450834" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664", "reference_id": "CVE-2008-2664", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2664" }, { "reference_url": "https://security.gentoo.org/glsa/200812-17", "reference_id": "GLSA-200812-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0561", "reference_id": "RHSA-2008:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0562", "reference_id": "RHSA-2008:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0562" }, { "reference_url": "https://usn.ubuntu.com/621-1/", "reference_id": "USN-621-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/621-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2008-2664", "GHSA-c4h6-p7gp-39x2", "OSV-46552" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bte-uex2-f7du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40988?format=api", "vulnerability_id": "VCID-9gp6-pvw1-ufhs", "summary": "Multiple vulnerabilities have been discovered in Ruby that allow for\n attacks including arbitrary code execution and Denial of Service.", "references": [ { "reference_url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2725.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85356", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.8532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85315", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85335", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85336", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85333", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0249", "scoring_system": "epss", "scoring_elements": "0.85305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03164", "scoring_system": "epss", "scoring_elements": "0.86873", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03164", "scoring_system": "epss", "scoring_elements": "0.86884", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03164", "scoring_system": "epss", "scoring_elements": "0.86902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03164", "scoring_system": "epss", "scoring_elements": "0.86897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03164", "scoring_system": "epss", "scoring_elements": "0.86917", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2725" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/30831", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30831" }, { "reference_url": "http://secunia.com/advisories/30867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30867" }, { "reference_url": "http://secunia.com/advisories/30875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30875" }, { "reference_url": "http://secunia.com/advisories/30894", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30894" }, { "reference_url": "http://secunia.com/advisories/31062", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31062" }, { "reference_url": "http://secunia.com/advisories/31090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31090" }, { "reference_url": "http://secunia.com/advisories/31181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31181" }, { "reference_url": "http://secunia.com/advisories/31256", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31256" }, { "reference_url": "http://secunia.com/advisories/31687", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31687" }, { "reference_url": "http://secunia.com/advisories/33178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33178" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2626" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html" }, { "reference_url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities" }, { "reference_url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" }, { "reference_url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1612" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1618" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { "reference_url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" }, { "reference_url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { "reference_url": "http://www.ruby-forum.com/topic/157034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-forum.com/topic/157034" }, { "reference_url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html" }, { "reference_url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/" }, { "reference_url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/29903", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/29903" }, { "reference_url": "http://www.securitytracker.com/id?1020347", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020347" }, { "reference_url": "http://www.ubuntu.com/usn/usn-621-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-621-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1907/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1907/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=451821", "reference_id": "451821", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451821" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725", "reference_id": "CVE-2008-2725", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2725" }, { "reference_url": "https://security.gentoo.org/glsa/200812-17", "reference_id": "GLSA-200812-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0561", "reference_id": "RHSA-2008:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0562", "reference_id": "RHSA-2008:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0562" }, { "reference_url": "https://usn.ubuntu.com/621-1/", "reference_id": "USN-621-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/621-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2008-2725", "GHSA-924x-9756-qq8p", "OSV-46553" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gp6-pvw1-ufhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40989?format=api", "vulnerability_id": "VCID-c9sy-czbr-tfer", "summary": "Multiple vulnerabilities have been discovered in Ruby that allow for\n attacks including arbitrary code execution and Denial of Service.", "references": [ { "reference_url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2726.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2726.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86158", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86171", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86176", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86168", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02819", "scoring_system": "epss", "scoring_elements": "0.86159", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02858", "scoring_system": "epss", "scoring_elements": "0.86182", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02858", "scoring_system": "epss", "scoring_elements": "0.86192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02858", "scoring_system": "epss", "scoring_elements": "0.86206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02858", "scoring_system": "epss", "scoring_elements": "0.86225", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2726" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/30831", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30831" }, { "reference_url": "http://secunia.com/advisories/30867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30867" }, { "reference_url": "http://secunia.com/advisories/30875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30875" }, { "reference_url": "http://secunia.com/advisories/30894", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30894" }, { "reference_url": "http://secunia.com/advisories/31062", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31062" }, { "reference_url": "http://secunia.com/advisories/31090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31090" }, { "reference_url": "http://secunia.com/advisories/31181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31181" }, { "reference_url": "http://secunia.com/advisories/31256", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31256" }, { "reference_url": "http://secunia.com/advisories/31687", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31687" }, { "reference_url": "http://secunia.com/advisories/33178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33178" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2626" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html" }, { "reference_url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities" }, { "reference_url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" }, { "reference_url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1612" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1618" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { "reference_url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" }, { "reference_url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { "reference_url": "http://www.ruby-forum.com/topic/157034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-forum.com/topic/157034" }, { "reference_url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html" }, { "reference_url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/" }, { "reference_url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/29903", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/29903" }, { "reference_url": "http://www.securitytracker.com/id?1020347", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020347" }, { "reference_url": "http://www.ubuntu.com/usn/usn-621-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-621-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1907/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1907/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=451828", "reference_id": "451828", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451828" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726", "reference_id": "CVE-2008-2726", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2726" }, { "reference_url": "https://security.gentoo.org/glsa/200812-17", "reference_id": "GLSA-200812-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0561", "reference_id": "RHSA-2008:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0562", "reference_id": "RHSA-2008:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0562" }, { "reference_url": "https://usn.ubuntu.com/621-1/", "reference_id": "USN-621-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/621-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2008-2726", "GHSA-v2mw-g73g-923h", "OSV-46554" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9sy-czbr-tfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40985?format=api", "vulnerability_id": "VCID-jx79-wpg7-2yaa", "summary": "Multiple vulnerabilities have been discovered in Ruby that allow for\n attacks including arbitrary code execution and Denial of Service.", "references": [ { "reference_url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2662.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86072", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.85973", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.85985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86001", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.8602", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.8603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86055", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.8606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02771", "scoring_system": "epss", "scoring_elements": "0.86052", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2662" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/30831", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30831" }, { "reference_url": "http://secunia.com/advisories/30867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30867" }, { "reference_url": "http://secunia.com/advisories/30875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30875" }, { "reference_url": "http://secunia.com/advisories/30894", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30894" }, { "reference_url": "http://secunia.com/advisories/31062", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31062" }, { "reference_url": "http://secunia.com/advisories/31181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31181" }, { "reference_url": "http://secunia.com/advisories/31256", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31256" }, { "reference_url": "http://secunia.com/advisories/31687", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31687" }, { "reference_url": "http://secunia.com/advisories/33178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33178" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2626" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601" }, { "reference_url": "https://rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "https://rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html" }, { "reference_url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" }, { "reference_url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1612" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1618" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { "reference_url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { "reference_url": "http://www.ruby-forum.com/topic/157034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-forum.com/topic/157034" }, { "reference_url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html" }, { "reference_url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/" }, { "reference_url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/29903", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/29903" }, { "reference_url": "http://www.securitytracker.com/id?1020347", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020347" }, { "reference_url": "http://www.ubuntu.com/usn/usn-621-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-621-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1907/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1907/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=450821", "reference_id": "450821", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450821" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662", "reference_id": "CVE-2008-2662", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2662" }, { "reference_url": "https://security.gentoo.org/glsa/200812-17", "reference_id": "GLSA-200812-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0561", "reference_id": "RHSA-2008:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0561" }, { "reference_url": "https://usn.ubuntu.com/621-1/", "reference_id": "USN-621-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/621-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2008-2662", "GHSA-6wwf-x53r-5qqq", "OSV-46550" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jx79-wpg7-2yaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40986?format=api", "vulnerability_id": "VCID-mzqm-gc4w-fbfp", "summary": "Multiple vulnerabilities have been discovered in Ruby that allow for\n attacks including arbitrary code execution and Denial of Service.", "references": [ { "reference_url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87217", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.8713", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.8714", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87154", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87174", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87195", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87189", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87185", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.872", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87205", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03283", "scoring_system": "epss", "scoring_elements": "0.87199", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2663" }, { "reference_url": "http://secunia.com/advisories/30802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30802" }, { "reference_url": "http://secunia.com/advisories/30831", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30831" }, { "reference_url": "http://secunia.com/advisories/30867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30867" }, { "reference_url": "http://secunia.com/advisories/30875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30875" }, { "reference_url": "http://secunia.com/advisories/30894", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30894" }, { "reference_url": "http://secunia.com/advisories/31062", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31062" }, { "reference_url": "http://secunia.com/advisories/31090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31090" }, { "reference_url": "http://secunia.com/advisories/31181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31181" }, { "reference_url": "http://secunia.com/advisories/31256", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31256" }, { "reference_url": "http://secunia.com/advisories/31687", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31687" }, { "reference_url": "http://secunia.com/advisories/33178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33178" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2626" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html" }, { "reference_url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities" }, { "reference_url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" }, { "reference_url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1612" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1618" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { "reference_url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { "reference_url": "http://www.ruby-forum.com/topic/157034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-forum.com/topic/157034" }, { "reference_url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html" }, { "reference_url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/" }, { "reference_url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/29903", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/29903" }, { "reference_url": "http://www.securitytracker.com/id?1020347", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020347" }, { "reference_url": "http://www.ubuntu.com/usn/usn-621-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-621-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1907/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1907/references" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1981/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1981/references" }, { "reference_url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=450825", "reference_id": "450825", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450825" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663", "reference_id": "CVE-2008-2663", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2663" }, { "reference_url": "https://security.gentoo.org/glsa/200812-17", "reference_id": "GLSA-200812-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0561", "reference_id": "RHSA-2008:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0562", "reference_id": "RHSA-2008:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0562" }, { "reference_url": "https://usn.ubuntu.com/621-1/", "reference_id": "USN-621-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/621-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2008-2663", "GHSA-8rh4-h2wx-5jpx", "OSV-46551" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzqm-gc4w-fbfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40984?format=api", "vulnerability_id": "VCID-nsa4-b31c-37g2", "summary": "Multiple vulnerabilities have been discovered in Ruby that allow for\n attacks including arbitrary code execution and Denial of Service.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93584", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93515", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93524", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.9354", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93543", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93569", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93574", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11359", "scoring_system": "epss", "scoring_elements": "0.93579", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2376" }, { "reference_url": "http://secunia.com/advisories/30927", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30927" }, { "reference_url": "http://secunia.com/advisories/31006", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31006" }, { "reference_url": "http://secunia.com/advisories/31062", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31062" }, { "reference_url": "http://secunia.com/advisories/31090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31090" }, { "reference_url": "http://secunia.com/advisories/31181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31181" }, { "reference_url": "http://secunia.com/advisories/31256", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31256" }, { "reference_url": "http://secunia.com/advisories/32219", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32219" }, { "reference_url": "http://secunia.com/advisories/33178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33178" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2639" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2376", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2376" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863" }, { "reference_url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2008-0218", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0218" }, { "reference_url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1612" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1618" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/07/02/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2008/07/02/3" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/494104/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/494104/100/0/threaded" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2584", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=453589", "reference_id": "453589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453589" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_8:1.8.6.230:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:fedora_8:1.8.6.230:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_8:1.8.6.230:*:*:*:*:*:*:*" }, { "reference_url": "https://security.gentoo.org/glsa/200812-17", "reference_id": "GLSA-200812-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0561", "reference_id": "RHSA-2008:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0562", "reference_id": "RHSA-2008:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0562" }, { "reference_url": "https://usn.ubuntu.com/651-1/", "reference_id": "USN-651-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/651-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2008-2376", "GHSA-f7wf-fwmg-r7g3" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa4-b31c-37g2" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.8.5-5.el5_2%3Farch=3" }