Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rubygems-update@2.1.11
Typegem
Namespace
Namerubygems-update
Version2.1.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.3
Latest_non_vulnerable_version3.0.3
Affected_by_vulnerabilities
0
url VCID-416r-82kd-fqg8
vulnerability_id VCID-416r-82kd-fqg8
summary
references
0
reference_url http://blog.rubygems.org/2017/10/09/2.6.14-released.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2017/10/09/2.6.14-released.html
1
reference_url http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
2
reference_url https://access.redhat.com/errata/RHSA-2017:3485
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3485
3
reference_url https://access.redhat.com/errata/RHSA-2018:0378
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0378
4
reference_url https://access.redhat.com/errata/RHSA-2018:0583
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0583
5
reference_url https://access.redhat.com/errata/RHSA-2018:0585
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0585
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0903.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0903.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0903
reference_id
reference_type
scores
0
value 0.05545
scoring_system epss
scoring_elements 0.90504
published_at 2026-06-12T12:55:00Z
1
value 0.05545
scoring_system epss
scoring_elements 0.90473
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0903
8
reference_url https://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
15
reference_url https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
16
reference_url https://hackerone.com/reports/274990
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/274990
17
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
18
reference_url https://usn.ubuntu.com/3553-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3553-1
19
reference_url https://usn.ubuntu.com/3553-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3553-1/
20
reference_url https://usn.ubuntu.com/3685-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3685-1
21
reference_url https://usn.ubuntu.com/3685-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3685-1/
22
reference_url https://web.archive.org/web/20200227143351/http://www.securityfocus.com/bid/101275
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227143351/http://www.securityfocus.com/bid/101275
23
reference_url https://www.debian.org/security/2017/dsa-4031
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4031
24
reference_url http://www.securityfocus.com/bid/101275
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101275
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500488
reference_id 1500488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500488
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-0903
reference_id CVE-2017-0903
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-0903
27
reference_url https://github.com/advisories/GHSA-mqwr-4qf2-2hcv
reference_id GHSA-mqwr-4qf2-2hcv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqwr-4qf2-2hcv
28
reference_url https://usn.ubuntu.com/3685-2/
reference_id USN-3685-2
reference_type
scores
url https://usn.ubuntu.com/3685-2/
fixed_packages
0
url pkg:gem/rubygems-update@2.6.14
purl pkg:gem/rubygems-update@2.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-evt7-qzp2-4yec
1
vulnerability VCID-gew9-fbrh-9ue5
2
vulnerability VCID-qxcb-1m7w-u7ct
3
vulnerability VCID-rm3q-4vdp-pkhv
4
vulnerability VCID-ww87-78hq-zuaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.14
aliases CVE-2017-0903, GHSA-mqwr-4qf2-2hcv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-416r-82kd-fqg8
1
url VCID-j6uv-kbey-hqd1
vulnerability_id VCID-j6uv-kbey-hqd1
summary
references
0
reference_url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
1
reference_url https://access.redhat.com/errata/RHSA-2017:3485
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3485
2
reference_url https://access.redhat.com/errata/RHSA-2018:0378
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0378
3
reference_url https://access.redhat.com/errata/RHSA-2018:0583
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0583
4
reference_url https://access.redhat.com/errata/RHSA-2018:0585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0585
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0900
reference_id
reference_type
scores
0
value 0.22758
scoring_system epss
scoring_elements 0.96007
published_at 2026-06-12T12:55:00Z
1
value 0.22758
scoring_system epss
scoring_elements 0.95995
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0900
7
reference_url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
17
reference_url https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251
18
reference_url https://hackerone.com/reports/243003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/243003
19
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-0900
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-0900
21
reference_url https://web.archive.org/web/20190212090616/http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190212090616/http://www.securitytracker.com/id/1039249
22
reference_url https://web.archive.org/web/20200227143907/http://www.securityfocus.com/bid/100579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227143907/http://www.securityfocus.com/bid/100579
23
reference_url https://www.debian.org/security/2017/dsa-3966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3966
24
reference_url http://www.securityfocus.com/bid/100579
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100579
25
reference_url http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039249
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487588
reference_id 1487588
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487588
27
reference_url https://github.com/advisories/GHSA-p7f2-rr42-m9xm
reference_id GHSA-p7f2-rr42-m9xm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p7f2-rr42-m9xm
28
reference_url https://security.gentoo.org/glsa/201710-01
reference_id GLSA-201710-01
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201710-01
29
reference_url https://usn.ubuntu.com/3439-1/
reference_id USN-3439-1
reference_type
scores
url https://usn.ubuntu.com/3439-1/
fixed_packages
0
url pkg:gem/rubygems-update@2.6.13
purl pkg:gem/rubygems-update@2.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-evt7-qzp2-4yec
2
vulnerability VCID-gew9-fbrh-9ue5
3
vulnerability VCID-qxcb-1m7w-u7ct
4
vulnerability VCID-rm3q-4vdp-pkhv
5
vulnerability VCID-ww87-78hq-zuaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13
aliases CVE-2017-0900, GHSA-p7f2-rr42-m9xm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uv-kbey-hqd1
2
url VCID-j8bn-5tud-jkcm
vulnerability_id VCID-j8bn-5tud-jkcm
summary
references
0
reference_url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
1
reference_url https://access.redhat.com/errata/RHSA-2017:3485
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3485
2
reference_url https://access.redhat.com/errata/RHSA-2018:0378
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0378
3
reference_url https://access.redhat.com/errata/RHSA-2018:0583
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0583
4
reference_url https://access.redhat.com/errata/RHSA-2018:0585
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0585
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0899
reference_id
reference_type
scores
0
value 0.09304
scoring_system epss
scoring_elements 0.92929
published_at 2026-06-11T12:55:00Z
1
value 0.09304
scoring_system epss
scoring_elements 0.92952
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0899
7
reference_url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
17
reference_url https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1
18
reference_url https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491
19
reference_url https://hackerone.com/reports/226335
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/226335
20
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
21
reference_url https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249
22
reference_url https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100576#:~:text=1%20snapshot-,11%3A49%3A33,-Note
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100576#:~:text=1%20snapshot-,11%3A49%3A33,-Note
23
reference_url https://www.debian.org/security/2017/dsa-3966
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3966
24
reference_url http://www.securityfocus.com/bid/100576
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100576
25
reference_url http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039249
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487590
reference_id 1487590
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487590
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-0899
reference_id CVE-2017-0899
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-0899
28
reference_url https://github.com/advisories/GHSA-7gcp-2gmq-w3xh
reference_id GHSA-7gcp-2gmq-w3xh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gcp-2gmq-w3xh
29
reference_url https://security.gentoo.org/glsa/201710-01
reference_id GLSA-201710-01
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201710-01
30
reference_url https://usn.ubuntu.com/3439-1/
reference_id USN-3439-1
reference_type
scores
url https://usn.ubuntu.com/3439-1/
fixed_packages
0
url pkg:gem/rubygems-update@2.6.13
purl pkg:gem/rubygems-update@2.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-evt7-qzp2-4yec
2
vulnerability VCID-gew9-fbrh-9ue5
3
vulnerability VCID-qxcb-1m7w-u7ct
4
vulnerability VCID-rm3q-4vdp-pkhv
5
vulnerability VCID-ww87-78hq-zuaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13
aliases CVE-2017-0899, GHSA-7gcp-2gmq-w3xh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8bn-5tud-jkcm
3
url VCID-kdyp-xe71-f7c2
vulnerability_id VCID-kdyp-xe71-f7c2
summary RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
references
0
reference_url http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2015-1657.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1657.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3900.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3900.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3900
reference_id
reference_type
scores
0
value 0.02401
scoring_system epss
scoring_elements 0.85453
published_at 2026-06-12T12:55:00Z
1
value 0.02401
scoring_system epss
scoring_elements 0.85401
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3900
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3900
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3900
9
reference_url https://puppet.com/security/cve/CVE-2015-3900
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2015-3900
10
reference_url https://web.archive.org/web/20170331091241/https://puppet.com/security/cve/CVE-2015-3900
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170331091241/https://puppet.com/security/cve/CVE-2015-3900
11
reference_url https://web.archive.org/web/20200228055155/http://www.securityfocus.com/bid/75482
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228055155/http://www.securityfocus.com/bid/75482
12
reference_url https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
13
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900
14
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
reference_id
reference_type
scores
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
15
reference_url http://www.openwall.com/lists/oss-security/2015/06/26/2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/06/26/2
16
reference_url http://www.securityfocus.com/bid/75482
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75482
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1236116
reference_id 1236116
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1236116
18
reference_url https://github.com/advisories/GHSA-wp3j-rvfp-624h
reference_id GHSA-wp3j-rvfp-624h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wp3j-rvfp-624h
19
reference_url https://access.redhat.com/errata/RHSA-2015:1657
reference_id RHSA-2015:1657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1657
fixed_packages
0
url pkg:gem/rubygems-update@2.2.4
purl pkg:gem/rubygems-update@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-j6uv-kbey-hqd1
2
vulnerability VCID-j8bn-5tud-jkcm
3
vulnerability VCID-kdyp-xe71-f7c2
4
vulnerability VCID-mmu8-f2a6-7qaj
5
vulnerability VCID-rvgn-6zh3-t7d3
6
vulnerability VCID-yrnr-xz1e-b7aa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.2.4
1
url pkg:gem/rubygems-update@2.4.7
purl pkg:gem/rubygems-update@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-77ah-j456-2yad
2
vulnerability VCID-g795-ac5q-m7dg
3
vulnerability VCID-gbas-fhvk-mkfh
4
vulnerability VCID-j6uv-kbey-hqd1
5
vulnerability VCID-j8bn-5tud-jkcm
6
vulnerability VCID-mmu8-f2a6-7qaj
7
vulnerability VCID-qh71-t8pt-53b3
8
vulnerability VCID-rvgn-6zh3-t7d3
9
vulnerability VCID-w2sf-by6z-a7fw
10
vulnerability VCID-x7v6-eefc-wufc
11
vulnerability VCID-yrnr-xz1e-b7aa
12
vulnerability VCID-zjth-98ge-5fez
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.7
aliases CVE-2015-3900, GHSA-wp3j-rvfp-624h, OSV-122162
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyp-xe71-f7c2
4
url VCID-mmu8-f2a6-7qaj
vulnerability_id VCID-mmu8-f2a6-7qaj
summary RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.
references
0
reference_url http://blog.rubygems.org/2015/06/08/2.2.5-released.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2015/06/08/2.2.5-released.html
1
reference_url http://blog.rubygems.org/2015/06/08/2.4.8-released.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2015/06/08/2.4.8-released.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4020.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4020.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-4020
reference_id
reference_type
scores
0
value 0.00524
scoring_system epss
scoring_elements 0.67367
published_at 2026-06-11T12:55:00Z
1
value 0.00524
scoring_system epss
scoring_elements 0.67458
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-4020
4
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
5
reference_url https://github.com/rubygems/rubygems/commit/5c7bfb5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/5c7bfb5
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-4020
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-4020
8
reference_url https://puppet.com/security/cve/CVE-2015-3900
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2015-3900
9
reference_url https://web.archive.org/web/20200228084212/http://www.securityfocus.com/bid/75431
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228084212/http://www.securityfocus.com/bid/75431
10
reference_url https://web.archive.org/web/20200228085830/https://puppet.com/security/cve/CVE-2015-3900
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228085830/https://puppet.com/security/cve/CVE-2015-3900
11
reference_url https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
12
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900
13
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
reference_id
reference_type
scores
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
14
reference_url http://www.securityfocus.com/bid/75431
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/75431
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1250109
reference_id 1250109
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1250109
16
reference_url https://github.com/advisories/GHSA-qv62-xfj6-32xm
reference_id GHSA-qv62-xfj6-32xm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv62-xfj6-32xm
fixed_packages
0
url pkg:gem/rubygems-update@2.2.5
purl pkg:gem/rubygems-update@2.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-j6uv-kbey-hqd1
2
vulnerability VCID-j8bn-5tud-jkcm
3
vulnerability VCID-kdyp-xe71-f7c2
4
vulnerability VCID-mmu8-f2a6-7qaj
5
vulnerability VCID-rvgn-6zh3-t7d3
6
vulnerability VCID-yrnr-xz1e-b7aa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.2.5
1
url pkg:gem/rubygems-update@2.4.8
purl pkg:gem/rubygems-update@2.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-77ah-j456-2yad
2
vulnerability VCID-g795-ac5q-m7dg
3
vulnerability VCID-gbas-fhvk-mkfh
4
vulnerability VCID-j6uv-kbey-hqd1
5
vulnerability VCID-j8bn-5tud-jkcm
6
vulnerability VCID-qh71-t8pt-53b3
7
vulnerability VCID-rvgn-6zh3-t7d3
8
vulnerability VCID-w2sf-by6z-a7fw
9
vulnerability VCID-x7v6-eefc-wufc
10
vulnerability VCID-yrnr-xz1e-b7aa
11
vulnerability VCID-zjth-98ge-5fez
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.8
aliases CVE-2015-4020, GHSA-qv62-xfj6-32xm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmu8-f2a6-7qaj
5
url VCID-rvgn-6zh3-t7d3
vulnerability_id VCID-rvgn-6zh3-t7d3
summary
references
0
reference_url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
1
reference_url https://access.redhat.com/errata/RHSA-2017:3485
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3485
2
reference_url https://access.redhat.com/errata/RHSA-2018:0378
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0378
3
reference_url https://access.redhat.com/errata/RHSA-2018:0583
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0583
4
reference_url https://access.redhat.com/errata/RHSA-2018:0585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0585
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0901
reference_id
reference_type
scores
0
value 0.20215
scoring_system epss
scoring_elements 0.95646
published_at 2026-06-11T12:55:00Z
1
value 0.20215
scoring_system epss
scoring_elements 0.95659
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0901
7
reference_url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:C/A:N
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
17
reference_url https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
18
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
19
reference_url https://usn.ubuntu.com/3553-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3553-1
20
reference_url https://usn.ubuntu.com/3553-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3553-1/
21
reference_url https://usn.ubuntu.com/3685-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3685-1
22
reference_url https://usn.ubuntu.com/3685-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3685-1/
23
reference_url https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249
24
reference_url https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note
25
reference_url https://www.debian.org/security/2017/dsa-3966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3966
26
reference_url https://www.exploit-db.com/exploits/42611
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42611
27
reference_url https://www.exploit-db.com/exploits/42611/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/42611/
28
reference_url http://www.securityfocus.com/bid/100580
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100580
29
reference_url http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039249
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487587
reference_id 1487587
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487587
31
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42611.txt
reference_id CVE-2017-0901
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42611.txt
32
reference_url https://hackerone.com/reports/243156
reference_id CVE-2017-0901
reference_type exploit
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/243156
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-0901
reference_id CVE-2017-0901
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-0901
34
reference_url https://github.com/advisories/GHSA-pm9x-4392-2c2p
reference_id GHSA-pm9x-4392-2c2p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pm9x-4392-2c2p
35
reference_url https://security.gentoo.org/glsa/201710-01
reference_id GLSA-201710-01
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201710-01
36
reference_url https://usn.ubuntu.com/3439-1/
reference_id USN-3439-1
reference_type
scores
url https://usn.ubuntu.com/3439-1/
fixed_packages
0
url pkg:gem/rubygems-update@2.6.13
purl pkg:gem/rubygems-update@2.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-evt7-qzp2-4yec
2
vulnerability VCID-gew9-fbrh-9ue5
3
vulnerability VCID-qxcb-1m7w-u7ct
4
vulnerability VCID-rm3q-4vdp-pkhv
5
vulnerability VCID-ww87-78hq-zuaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13
aliases CVE-2017-0901, GHSA-pm9x-4392-2c2p
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvgn-6zh3-t7d3
6
url VCID-yrnr-xz1e-b7aa
vulnerability_id VCID-yrnr-xz1e-b7aa
summary
references
0
reference_url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.rubygems.org/2017/08/27/2.6.13-released.html
1
reference_url https://access.redhat.com/errata/RHSA-2017:3485
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3485
2
reference_url https://access.redhat.com/errata/RHSA-2018:0378
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0378
3
reference_url https://access.redhat.com/errata/RHSA-2018:0583
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0583
4
reference_url https://access.redhat.com/errata/RHSA-2018:0585
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0585
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0902
reference_id
reference_type
scores
0
value 0.04996
scoring_system epss
scoring_elements 0.89961
published_at 2026-06-12T12:55:00Z
1
value 0.04996
scoring_system epss
scoring_elements 0.89928
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0902
7
reference_url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
url https://blog.rubygems.org/2017/08/27/2.6.13-released.html
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:C/I:C/A:C
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
17
reference_url https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32
18
reference_url https://hackerone.com/reports/218088
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/218088
19
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
20
reference_url https://usn.ubuntu.com/3553-1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3553-1
21
reference_url https://usn.ubuntu.com/3553-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3553-1/
22
reference_url https://usn.ubuntu.com/3685-1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3685-1
23
reference_url https://usn.ubuntu.com/3685-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3685-1/
24
reference_url https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/100586
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/100586
25
reference_url https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249
26
reference_url https://www.debian.org/security/2017/dsa-3966
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3966
27
reference_url http://www.securityfocus.com/bid/100586
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100586
28
reference_url http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039249
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487589
reference_id 1487589
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487589
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-0902
reference_id CVE-2017-0902
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-0902
31
reference_url https://github.com/advisories/GHSA-73w7-6w9g-gc8w
reference_id GHSA-73w7-6w9g-gc8w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-73w7-6w9g-gc8w
32
reference_url https://security.gentoo.org/glsa/201710-01
reference_id GLSA-201710-01
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201710-01
fixed_packages
0
url pkg:gem/rubygems-update@2.6.13
purl pkg:gem/rubygems-update@2.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-416r-82kd-fqg8
1
vulnerability VCID-evt7-qzp2-4yec
2
vulnerability VCID-gew9-fbrh-9ue5
3
vulnerability VCID-qxcb-1m7w-u7ct
4
vulnerability VCID-rm3q-4vdp-pkhv
5
vulnerability VCID-ww87-78hq-zuaa
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13
aliases CVE-2017-0902, GHSA-73w7-6w9g-gc8w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrnr-xz1e-b7aa
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.11