Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/190592?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/190592?format=api", "purl": "pkg:gem/rubygems-update@2.7.10", "type": "gem", "namespace": "", "name": "rubygems-update", "version": "2.7.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.3", "latest_non_vulnerable_version": "3.0.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10794?format=api", "vulnerability_id": "VCID-f7x5-hz5f-hyd3", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nAn issue was discovered in RubyGems. Since `Gem::CommandManager#run` calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55625", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55622", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55571", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55597", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55992", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8325" }, { "reference_url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692522", "reference_id": "1692522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692522" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987", "reference_id": "925987", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8325", "reference_id": "CVE-2019-8325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8325" }, { "reference_url": "https://github.com/advisories/GHSA-4wm8-fjv7-j774", "reference_id": "GHSA-4wm8-fjv7-j774", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4wm8-fjv7-j774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1148", "reference_id": "RHSA-2019:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1150", "reference_id": "RHSA-2019:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1235", "reference_id": "RHSA-2019:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2769", "reference_id": "RHSA-2020:2769", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2769" }, { "reference_url": "https://usn.ubuntu.com/3945-1/", "reference_id": "USN-3945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37074?format=api", "purl": "pkg:gem/rubygems-update@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f7x5-hz5f-hyd3" }, { "vulnerability": "VCID-ha3g-uyse-wybx" }, { "vulnerability": "VCID-jkwe-c323-3yez" }, { "vulnerability": "VCID-ky5r-bch5-m7dv" }, { "vulnerability": "VCID-t78a-dw4s-vqf5" }, { "vulnerability": "VCID-xgmc-a5rk-zqag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/37075?format=api", "purl": "pkg:gem/rubygems-update@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.3" } ], "aliases": [ "CVE-2019-8325", "GHSA-4wm8-fjv7-j774" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7x5-hz5f-hyd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10797?format=api", "vulnerability_id": "VCID-ha3g-uyse-wybx", "summary": "Injection Vulnerability\nAn issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55597", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55571", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55622", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55625", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55992", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8322" }, { "reference_url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8322.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8322.yml" }, { "reference_url": "https://hackerone.com/reports/315087", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/315087" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692516", "reference_id": "1692516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692516" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987", "reference_id": "925987", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8322", "reference_id": "CVE-2019-8322", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8322" }, { "reference_url": "https://github.com/advisories/GHSA-mh37-8c3g-3fgc", "reference_id": "GHSA-mh37-8c3g-3fgc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mh37-8c3g-3fgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1148", "reference_id": "RHSA-2019:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1150", "reference_id": "RHSA-2019:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1235", "reference_id": "RHSA-2019:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2769", "reference_id": "RHSA-2020:2769", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2769" }, { "reference_url": "https://usn.ubuntu.com/3945-1/", "reference_id": "USN-3945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37074?format=api", "purl": "pkg:gem/rubygems-update@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f7x5-hz5f-hyd3" }, { "vulnerability": "VCID-ha3g-uyse-wybx" }, { "vulnerability": "VCID-jkwe-c323-3yez" }, { "vulnerability": "VCID-ky5r-bch5-m7dv" }, { "vulnerability": "VCID-t78a-dw4s-vqf5" }, { "vulnerability": "VCID-xgmc-a5rk-zqag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/37075?format=api", "purl": "pkg:gem/rubygems-update@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.3" } ], "aliases": [ "CVE-2019-8322", "GHSA-mh37-8c3g-3fgc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha3g-uyse-wybx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10798?format=api", "vulnerability_id": "VCID-jkwe-c323-3yez", "summary": "Argument Injection or Modification\nAn issue was discovered in RubyGems. Since `Gem::UserInteraction#verbose` calls say without escaping, escape sequence injection is possible.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55625", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55622", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55571", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55597", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55992", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8321" }, { "reference_url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8321.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8321.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692514", "reference_id": "1692514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692514" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987", "reference_id": "925987", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8321", "reference_id": "CVE-2019-8321", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8321" }, { "reference_url": "https://github.com/advisories/GHSA-fr32-gr5c-xq5c", "reference_id": "GHSA-fr32-gr5c-xq5c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fr32-gr5c-xq5c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1148", "reference_id": "RHSA-2019:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1150", "reference_id": "RHSA-2019:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1235", "reference_id": "RHSA-2019:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2769", "reference_id": "RHSA-2020:2769", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2769" }, { "reference_url": "https://usn.ubuntu.com/3945-1/", "reference_id": "USN-3945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37074?format=api", "purl": "pkg:gem/rubygems-update@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f7x5-hz5f-hyd3" }, { "vulnerability": "VCID-ha3g-uyse-wybx" }, { "vulnerability": "VCID-jkwe-c323-3yez" }, { "vulnerability": "VCID-ky5r-bch5-m7dv" }, { "vulnerability": "VCID-t78a-dw4s-vqf5" }, { "vulnerability": "VCID-xgmc-a5rk-zqag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/37075?format=api", "purl": "pkg:gem/rubygems-update@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.3" } ], "aliases": [ "CVE-2019-8321", "GHSA-fr32-gr5c-xq5c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkwe-c323-3yez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10796?format=api", "vulnerability_id": "VCID-ky5r-bch5-m7dv", "summary": "Injection Vulnerability\nAn issue was discovered in RubyGems. `Gem::GemcutterUtilities#with_response` may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8323.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55597", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55571", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55622", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55625", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55992", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8323" }, { "reference_url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8323.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8323.yml" }, { "reference_url": "https://hackerone.com/reports/315081", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/315081" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692519", "reference_id": "1692519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692519" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987", "reference_id": "925987", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8323", "reference_id": "CVE-2019-8323", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8323" }, { "reference_url": "https://github.com/advisories/GHSA-3h4r-pjv6-cph9", "reference_id": "GHSA-3h4r-pjv6-cph9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3h4r-pjv6-cph9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1148", "reference_id": "RHSA-2019:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1150", "reference_id": "RHSA-2019:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1235", "reference_id": "RHSA-2019:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2769", "reference_id": "RHSA-2020:2769", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2769" }, { "reference_url": "https://usn.ubuntu.com/3945-1/", "reference_id": "USN-3945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37074?format=api", "purl": "pkg:gem/rubygems-update@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f7x5-hz5f-hyd3" }, { "vulnerability": "VCID-ha3g-uyse-wybx" }, { "vulnerability": "VCID-jkwe-c323-3yez" }, { "vulnerability": "VCID-ky5r-bch5-m7dv" }, { "vulnerability": "VCID-t78a-dw4s-vqf5" }, { "vulnerability": "VCID-xgmc-a5rk-zqag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/37075?format=api", "purl": "pkg:gem/rubygems-update@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.3" } ], "aliases": [ "CVE-2019-8323", "GHSA-3h4r-pjv6-cph9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky5r-bch5-m7dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10795?format=api", "vulnerability_id": "VCID-xgmc-a5rk-zqag", "summary": "Improper Input Validation\nA crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is evaluated by `ensure_loadable_spec` during the pre-installation check.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1972" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8324.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8324.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66018", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66006", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.65955", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.65989", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.65959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66029", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.65994", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66024", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66037", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66346", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8324" }, { "reference_url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8324.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8324.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692520", "reference_id": "1692520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692520" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987", "reference_id": "925987", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8324", "reference_id": "CVE-2019-8324", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8324" }, { "reference_url": "https://github.com/advisories/GHSA-76wm-422q-92mq", "reference_id": "GHSA-76wm-422q-92mq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76wm-422q-92mq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1148", "reference_id": "RHSA-2019:1148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1150", "reference_id": "RHSA-2019:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1151", "reference_id": "RHSA-2019:1151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1235", "reference_id": "RHSA-2019:1235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2769", "reference_id": "RHSA-2020:2769", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2769" }, { "reference_url": "https://usn.ubuntu.com/3945-1/", "reference_id": "USN-3945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37074?format=api", "purl": "pkg:gem/rubygems-update@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f7x5-hz5f-hyd3" }, { "vulnerability": "VCID-ha3g-uyse-wybx" }, { "vulnerability": "VCID-jkwe-c323-3yez" }, { "vulnerability": "VCID-ky5r-bch5-m7dv" }, { "vulnerability": "VCID-t78a-dw4s-vqf5" }, { "vulnerability": "VCID-xgmc-a5rk-zqag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/37075?format=api", "purl": "pkg:gem/rubygems-update@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.3" } ], "aliases": [ "CVE-2019-8324", "GHSA-76wm-422q-92mq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgmc-a5rk-zqag" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.10" }