{"url":"http://public2.vulnerablecode.io/api/packages/1072973?format=json","purl":"pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1","type":"rpm","namespace":"redhat","name":"ruby3-4-main","version":"3.4.8-31.1","qualifiers":{"arch":"hum1"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11928?format=json","vulnerability_id":"VCID-1vp9-6q85-5ffv","summary":"Reliance on Cookies without Validation and Integrity Checking in a Security Decision\nCGI::Cookie.parse in Ruby mishandles security prefixes in cookie names. This also affects the CGI gem for Ruby.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41819.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41819.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41819","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73283","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73372","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73349","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73323","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.7333","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73331","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73318","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73284","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73187","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73197","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.7324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73242","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73192","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/cgi","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41819.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41819.yml"},{"reference_url":"https://hackerone.com/reports/910552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://hackerone.com/reports/910552"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"},{"reference_url":"https://security.gentoo.org/glsa/202401-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://security.gentoo.org/glsa/202401-27"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220121-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0003/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220121-0003/"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026757","reference_id":"2026757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026757"},{"reference_url":"https://security.archlinux.org/AVG-2555","reference_id":"AVG-2555","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2555"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41819","reference_id":"CVE-2021-41819","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41819"},{"reference_url":"https://github.com/advisories/GHSA-4vf4-qmvg-mh7h","reference_id":"GHSA-4vf4-qmvg-mh7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vf4-qmvg-mh7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0543","reference_id":"RHSA-2022:0543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0544","reference_id":"RHSA-2022:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0708","reference_id":"RHSA-2022:0708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5779","reference_id":"RHSA-2022:5779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6447","reference_id":"RHSA-2022:6447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6450","reference_id":"RHSA-2022:6450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6855","reference_id":"RHSA-2022:6855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6856","reference_id":"RHSA-2022:6856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/5235-1/","reference_id":"USN-5235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5235-1/"}],"fixed_packages":[],"aliases":["CVE-2021-41819","GHSA-4vf4-qmvg-mh7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vp9-6q85-5ffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41900?format=json","vulnerability_id":"VCID-2sv2-6snv-2bd3","summary":"Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28739.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28739","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53826","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53746","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53773","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53796","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53845","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53828","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53812","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54538","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54553","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54532","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57161","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57139","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009957","reference_id":"1009957","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2075687","reference_id":"2075687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2075687"},{"reference_url":"https://security.archlinux.org/AVG-2757","reference_id":"AVG-2757","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5338","reference_id":"RHSA-2022:5338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6447","reference_id":"RHSA-2022:6447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6450","reference_id":"RHSA-2022:6450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6585","reference_id":"RHSA-2022:6585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6855","reference_id":"RHSA-2022:6855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6856","reference_id":"RHSA-2022:6856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7025","reference_id":"RHSA-2023:7025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/5462-1/","reference_id":"USN-5462-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5462-1/"},{"reference_url":"https://usn.ubuntu.com/5462-2/","reference_id":"USN-5462-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5462-2/"}],"fixed_packages":[],"aliases":["CVE-2022-28739","GHSA-mvgc-rxvg-hqc6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sv2-6snv-2bd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62213?format=json","vulnerability_id":"VCID-4qm3-nbsk-73he","summary":"Multiple vulnerabilities have been found in Ruby, allowing\n    context-dependent attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4815.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4815","reference_id":"","reference_type":"","scores":[{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83445","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83458","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83472","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.8347","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83519","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83513","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83544","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83545","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83569","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83577","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83581","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83605","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83626","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83645","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4815"},{"reference_url":"https://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm-cve-2011-4815","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm-cve-2011-4815"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=750564","reference_id":"750564","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=750564"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0069","reference_id":"RHSA-2012:0069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0070","reference_id":"RHSA-2012:0070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/1377-1/","reference_id":"USN-1377-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1377-1/"}],"fixed_packages":[],"aliases":["CVE-2011-4815","GHSA-xpr8-vpc7-7vfc","OSV-78118"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qm3-nbsk-73he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40990?format=json","vulnerability_id":"VCID-4yvc-uzev-wua4","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"},{"reference_url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3655.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3655","reference_id":"","reference_type":"","scores":[{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96662","published_at":"2026-05-09T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96594","published_at":"2026-04-01T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96603","published_at":"2026-04-02T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96619","published_at":"2026-04-08T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96621","published_at":"2026-04-09T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96633","published_at":"2026-04-16T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96638","published_at":"2026-04-18T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96642","published_at":"2026-04-26T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96641","published_at":"2026-04-24T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96644","published_at":"2026-04-29T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.29733","scoring_system":"epss","scoring_elements":"0.96656","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3655"},{"reference_url":"http://secunia.com/advisories/31430","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31430"},{"reference_url":"http://secunia.com/advisories/31697","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31697"},{"reference_url":"http://secunia.com/advisories/32165","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32165"},{"reference_url":"http://secunia.com/advisories/32219","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32219"},{"reference_url":"http://secunia.com/advisories/32255","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32255"},{"reference_url":"http://secunia.com/advisories/32256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32256"},{"reference_url":"http://secunia.com/advisories/32371","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32371"},{"reference_url":"http://secunia.com/advisories/32372","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32372"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://secunia.com/advisories/35074","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35074"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44369","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"},{"reference_url":"http://support.apple.com/kb/HT3549","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3549"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"},{"reference_url":"http://www.debian.org/security/2008/dsa-1651","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1651"},{"reference_url":"http://www.debian.org/security/2008/dsa-1652","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1652"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0895.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0895.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"},{"reference_url":"http://www.securityfocus.com/archive/1/495884/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/495884/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/30644","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30644"},{"reference_url":"http://www.securitytracker.com/id?1020656","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020656"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2334","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2334"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1297","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=458948","reference_id":"458948","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=458948"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3655","reference_id":"CVE-2008-3655","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3655"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32224.rb","reference_id":"CVE-2008-3655;OSVDB-47470","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32224.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32223.rb","reference_id":"CVE-2008-3657;OSVDB-47472;CVE-2008-3655;OSVDB-47470","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32223.rb"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0895","reference_id":"RHSA-2008:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0896","reference_id":"RHSA-2008:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0897","reference_id":"RHSA-2008:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/651-1/","reference_id":"USN-651-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/651-1/"}],"fixed_packages":[],"aliases":["CVE-2008-3655","GHSA-p524-ppf2-w36w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvc-uzev-wua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40987?format=json","vulnerability_id":"VCID-5bte-uex2-f7du","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2664","reference_id":"","reference_type":"","scores":[{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.91001","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90872","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90908","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90915","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90924","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90947","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90946","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90958","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90954","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90971","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06265","scoring_system":"epss","scoring_elements":"0.90987","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2664"},{"reference_url":"http://secunia.com/advisories/30802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30802"},{"reference_url":"http://secunia.com/advisories/30831","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30831"},{"reference_url":"http://secunia.com/advisories/30867","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30867"},{"reference_url":"http://secunia.com/advisories/30875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30875"},{"reference_url":"http://secunia.com/advisories/30894","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30894"},{"reference_url":"http://secunia.com/advisories/31062","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31062"},{"reference_url":"http://secunia.com/advisories/31090","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31090"},{"reference_url":"http://secunia.com/advisories/31181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31181"},{"reference_url":"http://secunia.com/advisories/31256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31256"},{"reference_url":"http://secunia.com/advisories/31687","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31687"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43348","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43348"},{"reference_url":"https://issues.rpath.com/browse/RPL-2626","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-2626"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities"},{"reference_url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"},{"reference_url":"http://www.debian.org/security/2008/dsa-1612","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1612"},{"reference_url":"http://www.debian.org/security/2008/dsa-1618","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1618"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"},{"reference_url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html"},{"reference_url":"http://www.ruby-forum.com/topic/157034","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-forum.com/topic/157034"},{"reference_url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"},{"reference_url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/29903","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/29903"},{"reference_url":"http://www.securitytracker.com/id?1020347","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020347"},{"reference_url":"http://www.ubuntu.com/usn/usn-621-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-621-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1907/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1907/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1981/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1981/references"},{"reference_url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=450834","reference_id":"450834","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=450834"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2664","reference_id":"CVE-2008-2664","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2664"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0561","reference_id":"RHSA-2008:0561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0562","reference_id":"RHSA-2008:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/621-1/","reference_id":"USN-621-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/621-1/"}],"fixed_packages":[],"aliases":["CVE-2008-2664","GHSA-c4h6-p7gp-39x2","OSV-46552"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bte-uex2-f7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6808?format=json","vulnerability_id":"VCID-5xez-skrj-b3h4","summary":"Entity expansion DoS vulnerability in REXML\n`lib/rexml/text.rb` in the REXML parser allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0611.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0611.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0612.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0612.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1028.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1028.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1147.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1147.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1821.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1821.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1821","reference_id":"","reference_type":"","scores":[{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95632","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.9557","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.9558","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95587","published_at":"2026-04-11T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95588","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.9559","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95598","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95603","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95604","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95606","published_at":"2026-04-26T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95622","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95625","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20672","scoring_system":"epss","scoring_elements":"0.95557","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1821"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914716","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914716"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164"},{"reference_url":"http://secunia.com/advisories/52783","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52783"},{"reference_url":"http://secunia.com/advisories/52902","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52902"},{"reference_url":"https://github.com/jruby/jruby","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby"},{"reference_url":"https://github.com/victims/victims-cve-db/blob/master/database/java/2013/1821.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/victims/victims-cve-db/blob/master/database/java/2013/1821.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1821","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1821"},{"reference_url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384"},{"reference_url":"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092"},{"reference_url":"https://www.jruby.org/2013/02/21/jruby-1-7-3.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jruby.org/2013/02/21/jruby-1-7-3.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22"},{"reference_url":"http://www.debian.org/security/2013/dsa-2738","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2738"},{"reference_url":"http://www.debian.org/security/2013/dsa-2809","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2809"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:124","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:124"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/03/06/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/03/06/5"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22"},{"reference_url":"http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/"},{"reference_url":"http://www.securityfocus.com/bid/58141","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58141"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862"},{"reference_url":"http://www.ubuntu.com/usn/USN-1780-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1780-1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-hgg7-cghq-xhf4","reference_id":"GHSA-hgg7-cghq-xhf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgg7-cghq-xhf4"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0611","reference_id":"RHSA-2013:0611","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0611"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0612","reference_id":"RHSA-2013:0612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1028","reference_id":"RHSA-2013:1028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1147","reference_id":"RHSA-2013:1147","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1185","reference_id":"RHSA-2013:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/1780-1/","reference_id":"USN-1780-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1780-1/"}],"fixed_packages":[],"aliases":["CVE-2013-1821","GHSA-hgg7-cghq-xhf4","OSV-90587"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xez-skrj-b3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87345?format=json","vulnerability_id":"VCID-6dxj-me8k-qfak","summary":"ruby: Properly initialize the random number generator when forking new process","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3009.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3009","reference_id":"","reference_type":"","scores":[{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65739","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65789","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65836","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65847","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65866","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65853","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65823","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65856","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65859","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65869","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.6588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65854","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.659","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65944","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3009","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3009"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=722415","reference_id":"722415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=722415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1581","reference_id":"RHSA-2011:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0070","reference_id":"RHSA-2012:0070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"}],"fixed_packages":[],"aliases":["CVE-2011-3009","GHSA-mg6g-jwh6-pwjf"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dxj-me8k-qfak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15467?format=json","vulnerability_id":"VCID-91b7-xx8t-rqhr","summary":"Improper Authentication\nThe Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10784.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10784","reference_id":"","reference_type":"","scores":[{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80281","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.8032","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80338","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80265","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80293","published_at":"2026-04-04T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80425","published_at":"2026-04-12T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81836","published_at":"2026-05-09T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81812","published_at":"2026-05-07T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.8173","published_at":"2026-04-18T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81733","published_at":"2026-04-21T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81767","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:P"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/ruby/commit/6617c41292","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/ruby/commit/6617c41292"},{"reference_url":"https://github.com/ruby/webrick","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick"},{"reference_url":"https://github.com/ruby/webrick/commit/4ac0f3843ab82d1c31e1cfc719409208adef7813","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick/commit/4ac0f3843ab82d1c31e1cfc719409208adef7813"},{"reference_url":"https://hackerone.com/reports/223363","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/223363"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-18","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-18"},{"reference_url":"https://usn.ubuntu.com/3528-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3528-1"},{"reference_url":"https://usn.ubuntu.com/3528-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3528-1/"},{"reference_url":"https://usn.ubuntu.com/3685-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3685-1"},{"reference_url":"https://usn.ubuntu.com/3685-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3685-1/"},{"reference_url":"https://web.archive.org/web/20210621131814/http://www.securityfocus.com/bid/100853","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210621131814/http://www.securityfocus.com/bid/100853"},{"reference_url":"https://web.archive.org/web/20210919031115/http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210919031115/http://www.securitytracker.com/id/1042004"},{"reference_url":"https://web.archive.org/web/20211025092552/http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211025092552/http://www.securitytracker.com/id/1039363"},{"reference_url":"https://www.debian.org/security/2017/dsa-4031","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4031"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"},{"reference_url":"http://www.securityfocus.com/bid/100853","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100853"},{"reference_url":"http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039363"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492012","reference_id":"1492012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492012"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10784","reference_id":"CVE-2017-10784","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10784"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2017-10784.yml","reference_id":"CVE-2017-10784.YML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2017-10784.yml"},{"reference_url":"https://github.com/advisories/GHSA-369m-2gv6-mw28","reference_id":"GHSA-369m-2gv6-mw28","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-369m-2gv6-mw28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3439-1/","reference_id":"USN-3439-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3439-1/"}],"fixed_packages":[],"aliases":["CVE-2017-10784","GHSA-369m-2gv6-mw28"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91b7-xx8t-rqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40988?format=json","vulnerability_id":"VCID-9gp6-pvw1-ufhs","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2725.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2725","reference_id":"","reference_type":"","scores":[{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85422","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85356","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85365","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85378","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85404","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85305","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.8532","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85315","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85336","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03164","scoring_system":"epss","scoring_elements":"0.86873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03164","scoring_system":"epss","scoring_elements":"0.86884","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03164","scoring_system":"epss","scoring_elements":"0.86902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03164","scoring_system":"epss","scoring_elements":"0.86897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03164","scoring_system":"epss","scoring_elements":"0.86917","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2725"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727"},{"reference_url":"http://secunia.com/advisories/30802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30802"},{"reference_url":"http://secunia.com/advisories/30831","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30831"},{"reference_url":"http://secunia.com/advisories/30867","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30867"},{"reference_url":"http://secunia.com/advisories/30875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30875"},{"reference_url":"http://secunia.com/advisories/30894","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30894"},{"reference_url":"http://secunia.com/advisories/31062","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31062"},{"reference_url":"http://secunia.com/advisories/31090","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31090"},{"reference_url":"http://secunia.com/advisories/31181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31181"},{"reference_url":"http://secunia.com/advisories/31256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31256"},{"reference_url":"http://secunia.com/advisories/31687","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31687"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43350","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43350"},{"reference_url":"https://issues.rpath.com/browse/RPL-2626","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-2626"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities"},{"reference_url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"},{"reference_url":"http://www.debian.org/security/2008/dsa-1612","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1612"},{"reference_url":"http://www.debian.org/security/2008/dsa-1618","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1618"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"},{"reference_url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"},{"reference_url":"http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html"},{"reference_url":"http://www.ruby-forum.com/topic/157034","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-forum.com/topic/157034"},{"reference_url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"},{"reference_url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/29903","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/29903"},{"reference_url":"http://www.securitytracker.com/id?1020347","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020347"},{"reference_url":"http://www.ubuntu.com/usn/usn-621-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-621-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1907/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1907/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1981/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1981/references"},{"reference_url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=451821","reference_id":"451821","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=451821"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2725","reference_id":"CVE-2008-2725","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2725"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0561","reference_id":"RHSA-2008:0561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0562","reference_id":"RHSA-2008:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/621-1/","reference_id":"USN-621-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/621-1/"}],"fixed_packages":[],"aliases":["CVE-2008-2725","GHSA-924x-9756-qq8p","OSV-46553"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gp6-pvw1-ufhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17012?format=json","vulnerability_id":"VCID-9x9w-2k98-wydm","summary":"Ruby Time component ReDoS issue\nA ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28756.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28756","reference_id":"","reference_type":"","scores":[{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.692","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.6918","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69192","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00587","scoring_system":"epss","scoring_elements":"0.69183","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70887","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.70971","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71008","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72211","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74472","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74491","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74469","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74452","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00826","scoring_system":"epss","scoring_elements":"0.74444","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00914","scoring_system":"epss","scoring_elements":"0.75917","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28756"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/time","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/time"},{"reference_url":"https://github.com/ruby/time/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/time/releases"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z"},{"reference_url":"https://security.gentoo.org/glsa/202401-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://security.gentoo.org/glsa/202401-27"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230526-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230526-0004"},{"reference_url":"https://www.ruby-lang.org/en/downloads/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/downloads/releases"},{"reference_url":"https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756"},{"reference_url":"https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036283","reference_id":"1036283","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036283"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038408","reference_id":"1038408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184061","reference_id":"2184061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184061"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28756","reference_id":"CVE-2023-28756","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28756"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/time/CVE-2023-28756.yml","reference_id":"CVE-2023-28756.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/time/CVE-2023-28756.yml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/","reference_id":"FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/","reference_id":"G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/"},{"reference_url":"https://github.com/advisories/GHSA-fg7x-g82r-94qc","reference_id":"GHSA-fg7x-g82r-94qc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fg7x-g82r-94qc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230526-0004/","reference_id":"ntap-20230526-0004","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230526-0004/"},{"reference_url":"https://github.com/ruby/time/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://github.com/ruby/time/releases/"},{"reference_url":"https://www.ruby-lang.org/en/downloads/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://www.ruby-lang.org/en/downloads/releases/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3291","reference_id":"RHSA-2023:3291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3821","reference_id":"RHSA-2023:3821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7025","reference_id":"RHSA-2023:7025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1431","reference_id":"RHSA-2024:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1576","reference_id":"RHSA-2024:1576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3500","reference_id":"RHSA-2024:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3838","reference_id":"RHSA-2024:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/","reference_id":"ruby-3-2-0-released","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/"},{"reference_url":"https://usn.ubuntu.com/6055-1/","reference_id":"USN-6055-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6055-1/"},{"reference_url":"https://usn.ubuntu.com/6087-1/","reference_id":"USN-6087-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6087-1/"},{"reference_url":"https://usn.ubuntu.com/6181-1/","reference_id":"USN-6181-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6181-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/","reference_id":"WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-26T19:59:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/"}],"fixed_packages":[],"aliases":["CVE-2023-28756","GHSA-fg7x-g82r-94qc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x9w-2k98-wydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40992?format=json","vulnerability_id":"VCID-a15m-bcma-vfa7","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"},{"reference_url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3656.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3656","reference_id":"","reference_type":"","scores":[{"value":"0.65085","scoring_system":"epss","scoring_elements":"0.98496","published_at":"2026-05-09T12:55:00Z"},{"value":"0.65085","scoring_system":"epss","scoring_elements":"0.98483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.65085","scoring_system":"epss","scoring_elements":"0.98484","published_at":"2026-04-21T12:55:00Z"},{"value":"0.65085","scoring_system":"epss","scoring_elements":"0.98488","published_at":"2026-04-29T12:55:00Z"},{"value":"0.65085","scoring_system":"epss","scoring_elements":"0.98493","published_at":"2026-05-07T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98622","published_at":"2026-04-09T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98611","published_at":"2026-04-01T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98625","published_at":"2026-04-12T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98626","published_at":"2026-04-13T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98613","published_at":"2026-04-02T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98616","published_at":"2026-04-04T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.98618","published_at":"2026-04-07T12:55:00Z"},{"value":"0.68786","scoring_system":"epss","scoring_elements":"0.9862","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3656"},{"reference_url":"http://secunia.com/advisories/31430","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31430"},{"reference_url":"http://secunia.com/advisories/31697","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31697"},{"reference_url":"http://secunia.com/advisories/32165","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32165"},{"reference_url":"http://secunia.com/advisories/32219","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32219"},{"reference_url":"http://secunia.com/advisories/32255","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32255"},{"reference_url":"http://secunia.com/advisories/32256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32256"},{"reference_url":"http://secunia.com/advisories/32371","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32371"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://secunia.com/advisories/35074","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35074"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44371","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44371"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3656","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3656"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682"},{"reference_url":"http://support.apple.com/kb/HT3549","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3549"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"},{"reference_url":"http://www.debian.org/security/2008/dsa-1651","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1651"},{"reference_url":"http://www.debian.org/security/2008/dsa-1652","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1652"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"},{"reference_url":"http://www.securityfocus.com/archive/1/495884/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/495884/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/30644","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30644"},{"reference_url":"http://www.securitytracker.com/id?1020654","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020654"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2334","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2334"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1297","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=458953","reference_id":"458953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=458953"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://www.securityfocus.com/bid/30644/info","reference_id":"CVE-2008-3657;OSVDB-47472;CVE-2008-3655;OSVDB-47470","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30644/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/32222.rb","reference_id":"CVE-2008-4310;OSVDB-47471;CVE-2008-3656","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/32222.rb"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0897","reference_id":"RHSA-2008:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/651-1/","reference_id":"USN-651-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/651-1/"}],"fixed_packages":[],"aliases":["CVE-2008-3656","GHSA-823x-6r7f-v9x6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a15m-bcma-vfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87344?format=json","vulnerability_id":"VCID-ar57-vndq-yka6","summary":"ruby: Properly initialize the random number generator when forking new process","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2705.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2705","reference_id":"","reference_type":"","scores":[{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.7681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.7685","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.7689","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76869","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76864","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.7691","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76934","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76942","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76954","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76943","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76973","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.7699","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2705"},{"reference_url":"https://redmine.ruby-lang.org/issues/4579","reference_id":"","reference_type":"","scores":[],"url":"https://redmine.ruby-lang.org/issues/4579"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=722415","reference_id":"722415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=722415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1581","reference_id":"RHSA-2011:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/1377-1/","reference_id":"USN-1377-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1377-1/"}],"fixed_packages":[],"aliases":["CVE-2011-2705","GHSA-wj5x-c2v9-7wwr"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ar57-vndq-yka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86165?format=json","vulnerability_id":"VCID-arjz-geyr-q7e3","summary":"ruby: Unsafe parsing of long strings via decode_www_form_component method","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6438.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6438","reference_id":"","reference_type":"","scores":[{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78237","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78245","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78276","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78284","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.7829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78298","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78323","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78321","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78317","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78356","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78373","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78386","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78411","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78427","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6438"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6438","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490845","reference_id":"1490845","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"}],"fixed_packages":[],"aliases":["CVE-2014-6438","GHSA-2j3h-55rq-rj48"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arjz-geyr-q7e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34891?format=json","vulnerability_id":"VCID-bdar-wgfe-qqgf","summary":"REXML round-trip instability\nThe REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28965","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58306","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58327","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58332","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58273","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58278","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58244","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58279","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58294","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58281","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58319","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58342","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58339","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68921","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/rexml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml"},{"reference_url":"https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b"},{"reference_url":"https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377"},{"reference_url":"https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752"},{"reference_url":"https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e"},{"reference_url":"https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8"},{"reference_url":"https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551"},{"reference_url":"https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2021-28965.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2021-28965.yml"},{"reference_url":"https://hackerone.com/reports/1104077","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1104077"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28965","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28965"},{"reference_url":"https://rubygems.org/gems/rexml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/rexml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210528-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210528-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210528-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210528-0003/"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947526","reference_id":"1947526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947526"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807","reference_id":"986807","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807"},{"reference_url":"https://security.archlinux.org/ASA-202104-1","reference_id":"ASA-202104-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-1"},{"reference_url":"https://security.archlinux.org/AVG-1788","reference_id":"AVG-1788","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1788"},{"reference_url":"https://security.archlinux.org/AVG-1789","reference_id":"AVG-1789","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1789"},{"reference_url":"https://security.archlinux.org/AVG-1822","reference_id":"AVG-1822","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1822"},{"reference_url":"https://github.com/advisories/GHSA-8cr8-4vfw-mr7h","reference_id":"GHSA-8cr8-4vfw-mr7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8cr8-4vfw-mr7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2229","reference_id":"RHSA-2021:2229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2584","reference_id":"RHSA-2021:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/4922-1/","reference_id":"USN-4922-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4922-1/"},{"reference_url":"https://usn.ubuntu.com/4922-2/","reference_id":"USN-4922-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4922-2/"}],"fixed_packages":[],"aliases":["CVE-2021-28965","GHSA-8cr8-4vfw-mr7h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdar-wgfe-qqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40989?format=json","vulnerability_id":"VCID-c9sy-czbr-tfer","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2726.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2726.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2726","reference_id":"","reference_type":"","scores":[{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86258","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86168","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86218","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86239","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86159","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02819","scoring_system":"epss","scoring_elements":"0.86176","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02858","scoring_system":"epss","scoring_elements":"0.86182","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02858","scoring_system":"epss","scoring_elements":"0.86192","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02858","scoring_system":"epss","scoring_elements":"0.86206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02858","scoring_system":"epss","scoring_elements":"0.86225","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2726"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"},{"reference_url":"http://secunia.com/advisories/30802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30802"},{"reference_url":"http://secunia.com/advisories/30831","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30831"},{"reference_url":"http://secunia.com/advisories/30867","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30867"},{"reference_url":"http://secunia.com/advisories/30875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30875"},{"reference_url":"http://secunia.com/advisories/30894","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30894"},{"reference_url":"http://secunia.com/advisories/31062","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31062"},{"reference_url":"http://secunia.com/advisories/31090","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31090"},{"reference_url":"http://secunia.com/advisories/31181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31181"},{"reference_url":"http://secunia.com/advisories/31256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31256"},{"reference_url":"http://secunia.com/advisories/31687","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31687"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43351","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43351"},{"reference_url":"https://issues.rpath.com/browse/RPL-2626","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-2626"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460","reference_id":"","reference_type":"","scores":[],"url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities"},{"reference_url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"},{"reference_url":"http://www.debian.org/security/2008/dsa-1612","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1612"},{"reference_url":"http://www.debian.org/security/2008/dsa-1618","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1618"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"},{"reference_url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"},{"reference_url":"http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html"},{"reference_url":"http://www.ruby-forum.com/topic/157034","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-forum.com/topic/157034"},{"reference_url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"},{"reference_url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/29903","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/29903"},{"reference_url":"http://www.securitytracker.com/id?1020347","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020347"},{"reference_url":"http://www.ubuntu.com/usn/usn-621-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-621-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1907/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1907/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1981/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1981/references"},{"reference_url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=451828","reference_id":"451828","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=451828"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2726","reference_id":"CVE-2008-2726","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2726"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0561","reference_id":"RHSA-2008:0561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0562","reference_id":"RHSA-2008:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/621-1/","reference_id":"USN-621-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/621-1/"}],"fixed_packages":[],"aliases":["CVE-2008-2726","GHSA-v2mw-g73g-923h","OSV-46554"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9sy-czbr-tfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88160?format=json","vulnerability_id":"VCID-cvs2-zecm-z3h8","summary":"ruby: DL:: dlopen could open a library with tainted library name","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344"},{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7551.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7551.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7551","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37245","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37555","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37365","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37276","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37158","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37225","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3764","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37704","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37654","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37702","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37684","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37385","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7551"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7551","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7551"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html","reference_id":"","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html"},{"reference_url":"https://puppet.com/security/cve/ruby-dec-2015-security-fixes","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/ruby-dec-2015-security-fixes"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206167"},{"reference_url":"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.securityfocus.com/bid/76060","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1248935","reference_id":"1248935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1248935"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3365-1/","reference_id":"USN-3365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3365-1/"}],"fixed_packages":[],"aliases":["CVE-2015-7551","GHSA-m9xr-x5mq-4fp5"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvs2-zecm-z3h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88159?format=json","vulnerability_id":"VCID-dh8q-zyat-43ce","summary":"ruby: DL:: dlopen could open a library with tainted library name","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5147.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5147","reference_id":"","reference_type":"","scores":[{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98126","published_at":"2026-05-09T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98091","published_at":"2026-04-01T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98115","published_at":"2026-04-26T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98117","published_at":"2026-04-29T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98113","published_at":"2026-04-24T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98124","published_at":"2026-05-05T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98123","published_at":"2026-05-07T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98095","published_at":"2026-04-02T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98098","published_at":"2026-04-04T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98099","published_at":"2026-04-07T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98108","published_at":"2026-04-11T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.98109","published_at":"2026-04-12T12:55:00Z"},{"value":"0.56223","scoring_system":"epss","scoring_elements":"0.9811","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5147"},{"reference_url":"http://seclists.org/oss-sec/2015/q3/222","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2015/q3/222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5147","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5147"},{"reference_url":"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"},{"reference_url":"http://www.securityfocus.com/bid/76060","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1248935","reference_id":"1248935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1248935"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3365-1/","reference_id":"USN-3365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3365-1/"}],"fixed_packages":[],"aliases":["CVE-2009-5147","GHSA-mmq8-m72q-qgm4"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh8q-zyat-43ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88490?format=json","vulnerability_id":"VCID-ea13-mua4-1fb9","summary":"ruby: WEBrick CGI source disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1891.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1891","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5238","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52425","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52453","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52418","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52471","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52483","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52523","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52529","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52462","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52472","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52433","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52376","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52428","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1891"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1891","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=443829","reference_id":"443829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=443829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"}],"fixed_packages":[],"aliases":["CVE-2008-1891","GHSA-rhf2-x48g-5wr7"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea13-mua4-1fb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40993?format=json","vulnerability_id":"VCID-fw7k-88kf-1kgg","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"},{"reference_url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3657.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3657","reference_id":"","reference_type":"","scores":[{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95882","published_at":"2026-05-09T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95813","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95821","published_at":"2026-04-04T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95832","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95839","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.9584","published_at":"2026-04-13T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95858","published_at":"2026-04-18T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.9586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95862","published_at":"2026-04-26T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95863","published_at":"2026-04-29T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95875","published_at":"2026-05-05T12:55:00Z"},{"value":"0.22517","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3657"},{"reference_url":"http://secunia.com/advisories/31430","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31430"},{"reference_url":"http://secunia.com/advisories/31697","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31697"},{"reference_url":"http://secunia.com/advisories/32165","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32165"},{"reference_url":"http://secunia.com/advisories/32219","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32219"},{"reference_url":"http://secunia.com/advisories/32255","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32255"},{"reference_url":"http://secunia.com/advisories/32256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32256"},{"reference_url":"http://secunia.com/advisories/32371","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32371"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://secunia.com/advisories/35074","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35074"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44372","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3657","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3657"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793"},{"reference_url":"http://support.apple.com/kb/HT3549","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3549"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"},{"reference_url":"http://www.debian.org/security/2008/dsa-1651","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1651"},{"reference_url":"http://www.debian.org/security/2008/dsa-1652","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1652"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"},{"reference_url":"http://www.securityfocus.com/archive/1/495884/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/495884/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/30644","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30644"},{"reference_url":"http://www.securitytracker.com/id?1020652","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020652"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2334","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2334"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1297","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1297"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=458966","reference_id":"458966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=458966"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0897","reference_id":"RHSA-2008:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/651-1/","reference_id":"USN-651-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/651-1/"}],"fixed_packages":[],"aliases":["CVE-2008-3657","GHSA-5f6v-fgcw-j5px"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fw7k-88kf-1kgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87343?format=json","vulnerability_id":"VCID-g1eu-mgx8-j3dw","summary":"ruby: Properly initialize the random number generator when forking new process","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2686.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2686","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71249","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71258","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71275","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7125","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71292","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71305","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71312","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71296","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71342","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71348","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71327","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71392","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71378","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71415","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71451","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2686"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2686","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2686"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=722415","reference_id":"722415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=722415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/1377-1/","reference_id":"USN-1377-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1377-1/"}],"fixed_packages":[],"aliases":["CVE-2011-2686","GHSA-g8g6-3p4h-6388"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1eu-mgx8-j3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57857?format=json","vulnerability_id":"VCID-g7ju-q41v-wyhd","summary":"security update","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0472.html","reference_id":"","reference_type":"","scores":[],"url":"http://advisories.mageia.org/MGASA-2014-0472.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1911.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1911.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1912.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1912.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1913.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1913.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1914.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1914.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8090.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8090.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8090","reference_id":"","reference_type":"","scores":[{"value":"0.09486","scoring_system":"epss","scoring_elements":"0.9288","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09486","scoring_system":"epss","scoring_elements":"0.92846","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09486","scoring_system":"epss","scoring_elements":"0.92855","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09486","scoring_system":"epss","scoring_elements":"0.92868","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93238","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93242","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93246","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93244","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93218","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93263","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93267","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93275","published_at":"2026-04-21T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.9328","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93277","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93231","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10488","scoring_system":"epss","scoring_elements":"0.93229","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090"},{"reference_url":"http://secunia.com/advisories/59948","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59948"},{"reference_url":"http://secunia.com/advisories/62050","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62050"},{"reference_url":"http://secunia.com/advisories/62748","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62748"},{"reference_url":"https://support.apple.com/HT205267","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT205267"},{"reference_url":"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090"},{"reference_url":"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"},{"reference_url":"http://www.debian.org/security/2015/dsa-3157","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3157"},{"reference_url":"http://www.debian.org/security/2015/dsa-3159","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3159"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.securityfocus.com/bid/71230","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/71230"},{"reference_url":"http://www.ubuntu.com/usn/USN-2412-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2412-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1159927","reference_id":"1159927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1159927"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8090","reference_id":"CVE-2014-8090","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8090"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1911","reference_id":"RHSA-2014:1911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1912","reference_id":"RHSA-2014:1912","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1913","reference_id":"RHSA-2014:1913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1914","reference_id":"RHSA-2014:1914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/2412-1/","reference_id":"USN-2412-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2412-1/"}],"fixed_packages":[],"aliases":["CVE-2014-8090","GHSA-2x97-vvh4-m4q4","OSV-114641"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ju-q41v-wyhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62215?format=json","vulnerability_id":"VCID-jj3a-fpsa-a7at","summary":"Multiple vulnerabilities have been found in Ruby, allowing\n    context-dependent attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://2012.appsec-forum.ch/conferences/#c17","reference_id":"","reference_type":"","scores":[],"url":"http://2012.appsec-forum.ch/conferences/#c17"},{"reference_url":"http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf","reference_id":"","reference_type":"","scores":[],"url":"http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5371","reference_id":"","reference_type":"","scores":[{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82895","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82691","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.8272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82717","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.8276","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82755","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82794","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82797","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82819","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82828","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82853","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.82874","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5371"},{"reference_url":"http://secunia.com/advisories/51253","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51253"},{"reference_url":"http://securitytracker.com/id?1027747","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1027747"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79993","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79993"},{"reference_url":"https://www.131002.net/data/talks/appsec12_slides.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://www.131002.net/data/talks/appsec12_slides.pdf"},{"reference_url":"https://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371"},{"reference_url":"http://www.ocert.org/advisories/ocert-2012-001.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.ocert.org/advisories/ocert-2012-001.html"},{"reference_url":"http://www.osvdb.org/87280","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/87280"},{"reference_url":"http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/"},{"reference_url":"http://www.securityfocus.com/bid/56484","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56484"},{"reference_url":"http://www.ubuntu.com/usn/USN-1733-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1733-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=875236","reference_id":"875236","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=875236"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5371","reference_id":"CVE-2012-5371","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5371"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/1733-1/","reference_id":"USN-1733-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1733-1/"}],"fixed_packages":[],"aliases":["CVE-2012-5371","GHSA-phrv-cj28-9h57","OSV-87863"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jj3a-fpsa-a7at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40985?format=json","vulnerability_id":"VCID-jx79-wpg7-2yaa","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2662.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2662.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2662","reference_id":"","reference_type":"","scores":[{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.8614","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.85973","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.85985","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.8602","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.8603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86044","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86055","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.8606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86072","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86082","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86081","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86101","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02771","scoring_system":"epss","scoring_elements":"0.86122","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2662"},{"reference_url":"http://secunia.com/advisories/30802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30802"},{"reference_url":"http://secunia.com/advisories/30831","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30831"},{"reference_url":"http://secunia.com/advisories/30867","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30867"},{"reference_url":"http://secunia.com/advisories/30875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30875"},{"reference_url":"http://secunia.com/advisories/30894","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30894"},{"reference_url":"http://secunia.com/advisories/31062","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31062"},{"reference_url":"http://secunia.com/advisories/31181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31181"},{"reference_url":"http://secunia.com/advisories/31256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31256"},{"reference_url":"http://secunia.com/advisories/31687","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31687"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43345","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43345"},{"reference_url":"https://issues.rpath.com/browse/RPL-2626","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-2626"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601"},{"reference_url":"https://rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"https://rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"},{"reference_url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"},{"reference_url":"http://www.debian.org/security/2008/dsa-1612","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1612"},{"reference_url":"http://www.debian.org/security/2008/dsa-1618","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1618"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"},{"reference_url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html"},{"reference_url":"http://www.ruby-forum.com/topic/157034","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-forum.com/topic/157034"},{"reference_url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"},{"reference_url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/29903","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/29903"},{"reference_url":"http://www.securitytracker.com/id?1020347","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020347"},{"reference_url":"http://www.ubuntu.com/usn/usn-621-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-621-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1907/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1907/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1981/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1981/references"},{"reference_url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=450821","reference_id":"450821","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=450821"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2662","reference_id":"CVE-2008-2662","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2662"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0561","reference_id":"RHSA-2008:0561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/621-1/","reference_id":"USN-621-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/621-1/"}],"fixed_packages":[],"aliases":["CVE-2008-2662","GHSA-6wwf-x53r-5qqq","OSV-46550"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx79-wpg7-2yaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40986?format=json","vulnerability_id":"VCID-mzqm-gc4w-fbfp","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2663.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2663","reference_id":"","reference_type":"","scores":[{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87278","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.8713","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.8714","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87157","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87154","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87174","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87195","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87189","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87185","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.872","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87205","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87199","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87217","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87223","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87226","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87246","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03283","scoring_system":"epss","scoring_elements":"0.87259","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2663"},{"reference_url":"http://secunia.com/advisories/30802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30802"},{"reference_url":"http://secunia.com/advisories/30831","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30831"},{"reference_url":"http://secunia.com/advisories/30867","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30867"},{"reference_url":"http://secunia.com/advisories/30875","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30875"},{"reference_url":"http://secunia.com/advisories/30894","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30894"},{"reference_url":"http://secunia.com/advisories/31062","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31062"},{"reference_url":"http://secunia.com/advisories/31090","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31090"},{"reference_url":"http://secunia.com/advisories/31181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31181"},{"reference_url":"http://secunia.com/advisories/31256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31256"},{"reference_url":"http://secunia.com/advisories/31687","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31687"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43346","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43346"},{"reference_url":"https://issues.rpath.com/browse/RPL-2626","reference_id":"","reference_type":"","scores":[],"url":"https://issues.rpath.com/browse/RPL-2626"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities"},{"reference_url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"},{"reference_url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"},{"reference_url":"http://www.debian.org/security/2008/dsa-1612","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1612"},{"reference_url":"http://www.debian.org/security/2008/dsa-1618","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1618"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"},{"reference_url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0561.html"},{"reference_url":"http://www.ruby-forum.com/topic/157034","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-forum.com/topic/157034"},{"reference_url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"},{"reference_url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/493688/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/29903","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/29903"},{"reference_url":"http://www.securitytracker.com/id?1020347","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020347"},{"reference_url":"http://www.ubuntu.com/usn/usn-621-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-621-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1907/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1907/references"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1981/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1981/references"},{"reference_url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=450825","reference_id":"450825","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=450825"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2663","reference_id":"CVE-2008-2663","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2663"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0561","reference_id":"RHSA-2008:0561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0562","reference_id":"RHSA-2008:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/621-1/","reference_id":"USN-621-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/621-1/"}],"fixed_packages":[],"aliases":["CVE-2008-2663","GHSA-8rh4-h2wx-5jpx","OSV-46551"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzqm-gc4w-fbfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62210?format=json","vulnerability_id":"VCID-nxub-6qsu-hbhk","summary":"Multiple vulnerabilities have been found in Ruby, allowing\n    context-dependent attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0188.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0188.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0188","reference_id":"","reference_type":"","scores":[{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83543","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83446","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83479","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83503","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01937","scoring_system":"epss","scoring_elements":"0.83524","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85561","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85633","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.8564","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02608","scoring_system":"epss","scoring_elements":"0.85637","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0188"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0188","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0188"},{"reference_url":"http://support.apple.com/kb/HT4581","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT4581"},{"reference_url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993","reference_id":"","reference_type":"","scores":[],"url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:097","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:097"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:098","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:098"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0908.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0908.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0909.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0909.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0910.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0910.html"},{"reference_url":"http://www.securitytracker.com/id?1025236","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025236"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=682332","reference_id":"682332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=682332"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0908","reference_id":"RHSA-2011:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0909","reference_id":"RHSA-2011:0909","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0910","reference_id":"RHSA-2011:0910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/1377-1/","reference_id":"USN-1377-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1377-1/"}],"fixed_packages":[],"aliases":["CVE-2011-0188","GHSA-6vch-6cgr-x9c3"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxub-6qsu-hbhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40996?format=json","vulnerability_id":"VCID-pegr-f5mh-ekdz","summary":"Multiple vulnerabilities have been discovered in Ruby that allow for\n    attacks including arbitrary code execution and Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3905.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3905","reference_id":"","reference_type":"","scores":[{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87155","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87007","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.8703","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.8705","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87065","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.8706","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.8708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87077","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87096","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87102","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87122","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87137","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3905"},{"reference_url":"http://secunia.com/advisories/31430","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31430"},{"reference_url":"http://secunia.com/advisories/32165","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32165"},{"reference_url":"http://secunia.com/advisories/32219","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32219"},{"reference_url":"http://secunia.com/advisories/32255","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32255"},{"reference_url":"http://secunia.com/advisories/32256","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32256"},{"reference_url":"http://secunia.com/advisories/32371","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32371"},{"reference_url":"http://secunia.com/advisories/32948","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32948"},{"reference_url":"http://secunia.com/advisories/33178","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33178"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-17.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-17.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45935","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45935"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3905","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3905"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1651","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1651"},{"reference_url":"http://www.debian.org/security/2008/dsa-1652","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1652"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/09/03/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2008/09/03/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2008/09/04/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2008/09/04/9"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0897.html"},{"reference_url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"},{"reference_url":"http://www.securityfocus.com/bid/31699","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/31699"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2334","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2334"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=461495","reference_id":"461495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=461495"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p71:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:p71:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p71:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:r18423:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:r18423:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:r18423:*:*:*:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/200812-17","reference_id":"GLSA-200812-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0896","reference_id":"RHSA-2008:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0897","reference_id":"RHSA-2008:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/651-1/","reference_id":"USN-651-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/651-1/"}],"fixed_packages":[],"aliases":["CVE-2008-3905","GHSA-vwcj-mf69-7rfw"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pegr-f5mh-ekdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70427?format=json","vulnerability_id":"VCID-qyz5-zmnt-qucy","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8780","reference_id":"","reference_type":"","scores":[{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8018","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80144","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80165","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80009","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8003","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8002","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80061","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80052","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80081","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8013","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949","reference_id":"1561949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8780","GHSA-fphx-j9v2-w2cx"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyz5-zmnt-qucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57855?format=json","vulnerability_id":"VCID-rwak-wvuw-qbcg","summary":"security update","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0472.html","reference_id":"","reference_type":"","scores":[],"url":"http://advisories.mageia.org/MGASA-2014-0472.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1912.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1912.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1913.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1913.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1914.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1914.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4975.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4975","reference_id":"","reference_type":"","scores":[{"value":"0.03404","scoring_system":"epss","scoring_elements":"0.87508","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03404","scoring_system":"epss","scoring_elements":"0.87462","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03404","scoring_system":"epss","scoring_elements":"0.87476","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03404","scoring_system":"epss","scoring_elements":"0.87491","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87505","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87517","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87454","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87523","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87539","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87546","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87508","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87464","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.87478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03449","scoring_system":"epss","scoring_elements":"0.8748","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4975"},{"reference_url":"https://bugs.ruby-lang.org/issues/10019","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.ruby-lang.org/issues/10019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94706","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94706"},{"reference_url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778","reference_id":"","reference_type":"","scores":[],"url":"http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778"},{"reference_url":"http://www.debian.org/security/2015/dsa-3157","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3157"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/07/09/13","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/07/09/13"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.securityfocus.com/bid/68474","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68474"},{"reference_url":"http://www.ubuntu.com/usn/USN-2397-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2397-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1118158","reference_id":"1118158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1118158"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4975","reference_id":"CVE-2014-4975","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4975"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1912","reference_id":"RHSA-2014:1912","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1913","reference_id":"RHSA-2014:1913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1914","reference_id":"RHSA-2014:1914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/2397-1/","reference_id":"USN-2397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2397-1/"}],"fixed_packages":[],"aliases":["CVE-2014-4975","GHSA-gxj7-mcpg-jpr6","OSV-108971"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwak-wvuw-qbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63474?format=json","vulnerability_id":"VCID-sf98-mryd-yfb3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9096.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9096","reference_id":"","reference_type":"","scores":[{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81801","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81737","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81777","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81623","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.8165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81655","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81656","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81694","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81722","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81731","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/137631","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://hackerone.com/reports/137631"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461846","reference_id":"1461846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3365-1/","reference_id":"USN-3365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3365-1/"}],"fixed_packages":[],"aliases":["CVE-2015-9096","GHSA-2h3c-5vqm-gqfh"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf98-mryd-yfb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90861?format=json","vulnerability_id":"VCID-sfzh-hn56-hbak","summary":"Buffer overflow vulnerability in Zlib::GzipReader\nA buffer overflow vulnerability exists in Zlib::GzipReader.\nThis vulnerability has been assigned the CVE identifier\nCVE-2026-27820. We recommend upgrading the zlib gem.\n\n## Details\n\nThe zstream_buffer_ungets function prepends caller-provided bytes\nahead of previously produced output but fails to guarantee the\nbacking Ruby string has enough capacity before the memmove shifts\nthe existing data. This can lead to memory corruption when the\nbuffer length exceeds capacity.\n\n## Recommended action\n\nWe recommend to update the zlib gem to version 3.2.3 or later.\nIn order to ensure compatibility with bundled version in older\nRuby series, you may update as follows instead:\n\n* For Ruby 3.2 users: Update to zlib 3.0.1\n* For Ruby 3.3 users: Update to zlib 3.1.2\n* You can use gem update zlib to update it. If you are using\n   bundler, please add gem \"zlib\", \">= 3.2.3\" to your Gemfile.\n\n## Affected versions:\n\nzlib gem 3.2.2 or lower\n\n## Credits\n\nThanks to calysteon for reporting this issue. Also thanks to\nnobu for creating the patch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27820","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02096","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02077","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02079","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02466","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04667","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04633","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12746","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml"},{"reference_url":"https://github.com/ruby/zlib","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/zlib"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27820","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27820"},{"reference_url":"https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341","reference_id":"1134341","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459002","reference_id":"2459002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459002"},{"reference_url":"https://hackerone.com/reports/3467067","reference_id":"3467067","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/"}],"url":"https://hackerone.com/reports/3467067"},{"reference_url":"https://github.com/advisories/GHSA-g857-hhfv-j68w","reference_id":"GHSA-g857-hhfv-j68w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g857-hhfv-j68w"},{"reference_url":"https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w","reference_id":"GHSA-g857-hhfv-j68w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/"}],"url":"https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"}],"fixed_packages":[],"aliases":["CVE-2026-27820","GHSA-g857-hhfv-j68w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzh-hn56-hbak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41893?format=json","vulnerability_id":"VCID-t9y5-hd9b-bkc4","summary":"Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31810.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31810","reference_id":"","reference_type":"","scores":[{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70265","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70464","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70412","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7042","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70419","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70392","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70433","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70277","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70295","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70271","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70316","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70354","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70339","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7036","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31810","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31810"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014818","reference_id":"1014818","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014818"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980126","reference_id":"1980126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980126"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990815","reference_id":"990815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990815"},{"reference_url":"https://security.archlinux.org/ASA-202107-23","reference_id":"ASA-202107-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-23"},{"reference_url":"https://security.archlinux.org/AVG-1906","reference_id":"AVG-1906","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1906"},{"reference_url":"https://security.archlinux.org/AVG-2138","reference_id":"AVG-2138","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3020","reference_id":"RHSA-2021:3020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3559","reference_id":"RHSA-2021:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3982","reference_id":"RHSA-2021:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0543","reference_id":"RHSA-2022:0543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0544","reference_id":"RHSA-2022:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0672","reference_id":"RHSA-2022:0672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0708","reference_id":"RHSA-2022:0708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/5020-1/","reference_id":"USN-5020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5020-1/"}],"fixed_packages":[],"aliases":["CVE-2021-31810","GHSA-wr95-679j-87v9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9y5-hd9b-bkc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41892?format=json","vulnerability_id":"VCID-vcz9-dvf4-47am","summary":"Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25613.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25613","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50518","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50488","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50516","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50562","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50627","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50605","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50623","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50618","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50579","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50571","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50554","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2020-25613.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2020-25613.yml"},{"reference_url":"https://github.com/ruby/webrick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick"},{"reference_url":"https://github.com/ruby/webrick/commit/076ac636bf48b7a492887ce4de7041de23e6c00d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick/commit/076ac636bf48b7a492887ce4de7041de23e6c00d"},{"reference_url":"https://github.com/ruby/webrick/commit/7618049fa57ddad2efff2a7bc7dad7d2d8a311b1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick/commit/7618049fa57ddad2efff2a7bc7dad7d2d8a311b1"},{"reference_url":"https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7"},{"reference_url":"https://github.com/ruby/webrick/commit/af2efdcdf826f25592202d187c53963e7932e4b9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick/commit/af2efdcdf826f25592202d187c53963e7932e4b9"},{"reference_url":"https://hackerone.com/reports/965267","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/965267"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25613","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25613"},{"reference_url":"https://security.gentoo.org/glsa/202401-27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-27"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210115-0008"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883623","reference_id":"1883623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883623"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://github.com/advisories/GHSA-gwfg-cqmg-cf8f","reference_id":"GHSA-gwfg-cqmg-cf8f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwfg-cqmg-cf8f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2229","reference_id":"RHSA-2021:2229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2584","reference_id":"RHSA-2021:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/4882-1/","reference_id":"USN-4882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4882-1/"}],"fixed_packages":[],"aliases":["CVE-2020-25613","GHSA-gwfg-cqmg-cf8f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcz9-dvf4-47am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57856?format=json","vulnerability_id":"VCID-wzdf-d9fv-u3hh","summary":"security update","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0443.html","reference_id":"","reference_type":"","scores":[],"url":"http://advisories.mageia.org/MGASA-2014-0443.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1911.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1911.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1912.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1912.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1913.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1913.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1914.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1914.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8080","reference_id":"","reference_type":"","scores":[{"value":"0.09758","scoring_system":"epss","scoring_elements":"0.93003","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09758","scoring_system":"epss","scoring_elements":"0.92968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09758","scoring_system":"epss","scoring_elements":"0.92976","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09758","scoring_system":"epss","scoring_elements":"0.92992","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93339","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93317","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93366","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93371","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93378","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93382","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93326","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93332","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10784","scoring_system":"epss","scoring_elements":"0.93331","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090"},{"reference_url":"http://secunia.com/advisories/61607","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61607"},{"reference_url":"http://secunia.com/advisories/62050","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62050"},{"reference_url":"http://secunia.com/advisories/62748","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/62748"},{"reference_url":"https://support.apple.com/HT205267","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT205267"},{"reference_url":"https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080"},{"reference_url":"https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"},{"reference_url":"http://www.debian.org/security/2015/dsa-3157","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3157"},{"reference_url":"http://www.debian.org/security/2015/dsa-3159","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3159"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.securityfocus.com/bid/70935","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/70935"},{"reference_url":"http://www.ubuntu.com/usn/USN-2397-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2397-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157709","reference_id":"1157709","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8080","reference_id":"CVE-2014-8080","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8080"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1911","reference_id":"RHSA-2014:1911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1912","reference_id":"RHSA-2014:1912","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1913","reference_id":"RHSA-2014:1913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1914","reference_id":"RHSA-2014:1914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/2397-1/","reference_id":"USN-2397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2397-1/"}],"fixed_packages":[],"aliases":["CVE-2014-8080","GHSA-ggvr-v7qh-jwjh","OSV-113747"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzdf-d9fv-u3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76720?format=json","vulnerability_id":"VCID-x126-x9qm-e7d3","summary":"ruby: Arbitrary memory address read vulnerability with Regex search","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27282.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27282","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.6876","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68642","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.6869","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68696","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68701","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68681","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68723","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70002","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70018","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70042","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70027","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70013","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70057","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70066","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69977","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27282"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T18:26:58Z/"}],"url":"https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069969","reference_id":"1069969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069969"},{"reference_url":"https://hackerone.com/reports/2122624","reference_id":"2122624","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T18:26:58Z/"}],"url":"https://hackerone.com/reports/2122624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276810","reference_id":"2276810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3500","reference_id":"RHSA-2024:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3546","reference_id":"RHSA-2024:3546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3668","reference_id":"RHSA-2024:3668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3670","reference_id":"RHSA-2024:3670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3671","reference_id":"RHSA-2024:3671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3838","reference_id":"RHSA-2024:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4499","reference_id":"RHSA-2024:4499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/6838-1/","reference_id":"USN-6838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6838-1/"},{"reference_url":"https://usn.ubuntu.com/7734-1/","reference_id":"USN-7734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7734-1/"}],"fixed_packages":[],"aliases":["CVE-2024-27282","GHSA-63cq-cj6g-qfr2"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x126-x9qm-e7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62457?format=json","vulnerability_id":"VCID-xkd6-jvma-skfk","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14064.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14064","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78898","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78955","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78933","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78916","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78941","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78947","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78974","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81066","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81088","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.8111","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81035","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81012","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81013","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14064","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14064"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487552","reference_id":"1487552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3439-1/","reference_id":"USN-3439-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3439-1/"}],"fixed_packages":[],"aliases":["CVE-2017-14064","GHSA-954h-8gv7-2q75"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkd6-jvma-skfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36469?format=json","vulnerability_id":"VCID-y56y-5am7-wkhr","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72109","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72282","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72241","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72255","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72115","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72232","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556","reference_id":"1789556","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[],"aliases":["CVE-2019-16254","GHSA-w9fp-2996-hhwx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y56y-5am7-wkhr"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1%3Farch=hum1"}