Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/ruby@2.0.0.648-37?arch=el7_4
Typerpm
Namespaceredhat
Nameruby
Version2.0.0.648-37
Qualifiers
arch el7_4
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1ab1-3xjd-aqbp
vulnerability_id VCID-1ab1-3xjd-aqbp
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in RubyGems. Since `Gem::CommandManager#run` calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8325.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8325.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8325
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55514
published_at 2026-06-05T12:55:00Z
1
value 0.00326
scoring_system epss
scoring_elements 0.55846
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8325
3
reference_url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml
12
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1692522
reference_id 1692522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1692522
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
reference_id 925987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8325
reference_id CVE-2019-8325
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8325
16
reference_url https://github.com/advisories/GHSA-4wm8-fjv7-j774
reference_id GHSA-4wm8-fjv7-j774
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wm8-fjv7-j774
17
reference_url https://access.redhat.com/errata/RHSA-2019:1148
reference_id RHSA-2019:1148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1148
18
reference_url https://access.redhat.com/errata/RHSA-2019:1150
reference_id RHSA-2019:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1150
19
reference_url https://access.redhat.com/errata/RHSA-2019:1235
reference_id RHSA-2019:1235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1235
20
reference_url https://access.redhat.com/errata/RHSA-2020:2769
reference_id RHSA-2020:2769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2769
21
reference_url https://usn.ubuntu.com/3945-1/
reference_id USN-3945-1
reference_type
scores
url https://usn.ubuntu.com/3945-1/
fixed_packages
aliases CVE-2019-8325, GHSA-4wm8-fjv7-j774
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ab1-3xjd-aqbp
1
url VCID-buqt-chxx-nqf9
vulnerability_id VCID-buqt-chxx-nqf9
summary 
Tainted flags not always propogated in Array#pack and String#unpack
In `Array#pack` and `String#unpack` with some formats, the tainted flags of
the original data are not propagated to the returned string/array.

`Array#pack` method converts the receiver’s contents into a string with
specified format. If the receiver contains some tainted objects, the
returned string also should be tainted. `String#unpack` method which
converts the receiver into an array also should propagate its tainted flag
to the objects contained in the returned array. But, with `B`, `b`, `H` and
`h` directives, the tainted flags are not propagated. So, if a script
processes unreliable inputs by `Array#pack` and/or `String#unpack` with these
directives and checks the reliability with tainted flags, the check might be
wrong.

All users running an affected release should upgrade immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16396
reference_id
reference_type
scores
0
value 0.03126
scoring_system epss
scoring_elements 0.87095
published_at 2026-06-04T12:55:00Z
1
value 0.03126
scoring_system epss
scoring_elements 0.87117
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16396
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
url https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1643089
reference_id 1643089
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1643089
7
reference_url https://access.redhat.com/errata/RHSA-2020:2769
reference_id RHSA-2020:2769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2769
8
reference_url https://access.redhat.com/errata/RHSA-2020:2839
reference_id RHSA-2020:2839
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2839
9
reference_url https://usn.ubuntu.com/3808-1/
reference_id USN-3808-1
reference_type
scores
url https://usn.ubuntu.com/3808-1/
fixed_packages
aliases CVE-2018-16396, GHSA-xh4x-ph6p-vmxh
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-buqt-chxx-nqf9
2
url VCID-hyvx-ab9s-uyby
vulnerability_id VCID-hyvx-ab9s-uyby
summary 
Argument Injection or Modification
An issue was discovered in RubyGems. Since `Gem::UserInteraction#verbose` calls say without escaping, escape sequence injection is possible.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8321.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8321.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8321
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55514
published_at 2026-06-05T12:55:00Z
1
value 0.00326
scoring_system epss
scoring_elements 0.55846
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8321
3
reference_url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8321.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8321.yml
12
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1692514
reference_id 1692514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1692514
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
reference_id 925987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8321
reference_id CVE-2019-8321
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8321
16
reference_url https://github.com/advisories/GHSA-fr32-gr5c-xq5c
reference_id GHSA-fr32-gr5c-xq5c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fr32-gr5c-xq5c
17
reference_url https://access.redhat.com/errata/RHSA-2019:1148
reference_id RHSA-2019:1148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1148
18
reference_url https://access.redhat.com/errata/RHSA-2019:1150
reference_id RHSA-2019:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1150
19
reference_url https://access.redhat.com/errata/RHSA-2019:1235
reference_id RHSA-2019:1235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1235
20
reference_url https://access.redhat.com/errata/RHSA-2020:2769
reference_id RHSA-2020:2769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2769
21
reference_url https://usn.ubuntu.com/3945-1/
reference_id USN-3945-1
reference_type
scores
url https://usn.ubuntu.com/3945-1/
fixed_packages
aliases CVE-2019-8321, GHSA-fr32-gr5c-xq5c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyvx-ab9s-uyby
3
url VCID-k7u9-hhnh-m7f5
vulnerability_id VCID-k7u9-hhnh-m7f5
summary 
Injection Vulnerability
An issue was discovered in RubyGems. `Gem::GemcutterUtilities#with_response` may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8323.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8323.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8323
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55514
published_at 2026-06-05T12:55:00Z
1
value 0.00326
scoring_system epss
scoring_elements 0.55846
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8323
3
reference_url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8323.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8323.yml
12
reference_url https://hackerone.com/reports/315081
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/315081
13
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1692519
reference_id 1692519
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1692519
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
reference_id 925987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8323
reference_id CVE-2019-8323
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8323
17
reference_url https://github.com/advisories/GHSA-3h4r-pjv6-cph9
reference_id GHSA-3h4r-pjv6-cph9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h4r-pjv6-cph9
18
reference_url https://access.redhat.com/errata/RHSA-2019:1148
reference_id RHSA-2019:1148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1148
19
reference_url https://access.redhat.com/errata/RHSA-2019:1150
reference_id RHSA-2019:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1150
20
reference_url https://access.redhat.com/errata/RHSA-2019:1235
reference_id RHSA-2019:1235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1235
21
reference_url https://access.redhat.com/errata/RHSA-2020:2769
reference_id RHSA-2020:2769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2769
22
reference_url https://usn.ubuntu.com/3945-1/
reference_id USN-3945-1
reference_type
scores
url https://usn.ubuntu.com/3945-1/
fixed_packages
aliases CVE-2019-8323, GHSA-3h4r-pjv6-cph9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7u9-hhnh-m7f5
4
url VCID-kxbg-rg3f-ruad
vulnerability_id VCID-kxbg-rg3f-ruad
summary 
Improper Input Validation
A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is evaluated by `ensure_loadable_spec` during the pre-installation check.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:1972
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1972
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8324.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8324.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8324
reference_id
reference_type
scores
0
value 0.00501
scoring_system epss
scoring_elements 0.66346
published_at 2026-06-04T12:55:00Z
1
value 0.00501
scoring_system epss
scoring_elements 0.66397
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8324
4
reference_url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8324.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8324.yml
13
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1692520
reference_id 1692520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1692520
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
reference_id 925987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8324
reference_id CVE-2019-8324
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8324
17
reference_url https://github.com/advisories/GHSA-76wm-422q-92mq
reference_id GHSA-76wm-422q-92mq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76wm-422q-92mq
18
reference_url https://access.redhat.com/errata/RHSA-2019:1148
reference_id RHSA-2019:1148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1148
19
reference_url https://access.redhat.com/errata/RHSA-2019:1150
reference_id RHSA-2019:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1150
20
reference_url https://access.redhat.com/errata/RHSA-2019:1151
reference_id RHSA-2019:1151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1151
21
reference_url https://access.redhat.com/errata/RHSA-2019:1235
reference_id RHSA-2019:1235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1235
22
reference_url https://access.redhat.com/errata/RHSA-2020:2769
reference_id RHSA-2020:2769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2769
23
reference_url https://usn.ubuntu.com/3945-1/
reference_id USN-3945-1
reference_type
scores
url https://usn.ubuntu.com/3945-1/
fixed_packages
aliases CVE-2019-8324, GHSA-76wm-422q-92mq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxbg-rg3f-ruad
5
url VCID-rpe2-d8ht-u3ht
vulnerability_id VCID-rpe2-d8ht-u3ht
summary 
Injection Vulnerability
An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8322.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8322.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8322
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55514
published_at 2026-06-05T12:55:00Z
1
value 0.00326
scoring_system epss
scoring_elements 0.55846
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8322
3
reference_url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8322.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8322.yml
12
reference_url https://hackerone.com/reports/315087
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/315087
13
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1692516
reference_id 1692516
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1692516
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
reference_id 925987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8322
reference_id CVE-2019-8322
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8322
17
reference_url https://github.com/advisories/GHSA-mh37-8c3g-3fgc
reference_id GHSA-mh37-8c3g-3fgc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mh37-8c3g-3fgc
18
reference_url https://access.redhat.com/errata/RHSA-2019:1148
reference_id RHSA-2019:1148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1148
19
reference_url https://access.redhat.com/errata/RHSA-2019:1150
reference_id RHSA-2019:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1150
20
reference_url https://access.redhat.com/errata/RHSA-2019:1235
reference_id RHSA-2019:1235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1235
21
reference_url https://access.redhat.com/errata/RHSA-2020:2769
reference_id RHSA-2020:2769
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2769
22
reference_url https://usn.ubuntu.com/3945-1/
reference_id USN-3945-1
reference_type
scores
url https://usn.ubuntu.com/3945-1/
fixed_packages
aliases CVE-2019-8322, GHSA-mh37-8c3g-3fgc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpe2-d8ht-u3ht
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@2.0.0.648-37%3Farch=el7_4