{"url":"http://public2.vulnerablecode.io/api/packages/130654?format=json","purl":"pkg:ruby/ruby@2.6","type":"ruby","namespace":"","name":"ruby","version":"2.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70421?format=json","vulnerability_id":"VCID-1cad-uybu-2uau","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17742.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17742","reference_id":"","reference_type":"","scores":[{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78636","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78581","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78597","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78622","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.7845","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78456","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.7847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78502","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78527","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78524","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78556","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78564","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17742","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17742"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561952","reference_id":"1561952","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561952"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1963","reference_id":"RHSA-2020:1963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2212","reference_id":"RHSA-2020:2212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2288","reference_id":"RHSA-2020:2288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2288"}],"fixed_packages":[],"aliases":["CVE-2017-17742","GHSA-7p4c-jf2w-hc3w"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cad-uybu-2uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81473?format=json","vulnerability_id":"VCID-3d14-jf3q-xqbf","summary":"ruby: BasicSocket#read_nonblock method leads to information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10933.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10933.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10933","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.62985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63204","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63142","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63109","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63154","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63044","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63104","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63121","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63107","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.6312","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63108","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63129","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63143","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10933","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10933"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833291","reference_id":"1833291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4882-1/","reference_id":"USN-4882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4882-1/"}],"fixed_packages":[],"aliases":["CVE-2020-10933","GHSA-g5hm-28jr-53fh"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3d14-jf3q-xqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36467?format=json","vulnerability_id":"VCID-5fqj-uwnz-93af","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15845","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55206","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55107","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55148","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55186","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55187","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55248","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55228","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55251","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55231","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55159","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789407","reference_id":"1789407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789407"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[],"aliases":["CVE-2019-15845"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fqj-uwnz-93af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70423?format=json","vulnerability_id":"VCID-bad1-7aa4-cugv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6914.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6914","reference_id":"","reference_type":"","scores":[{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84884","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85073","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85029","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85053","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84945","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84952","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84961","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85013","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561947","reference_id":"1561947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561947"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-6914","GHSA-wpg3-wgm5-rv8w"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bad1-7aa4-cugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10062?format=json","vulnerability_id":"VCID-c3y8-w4b4-3qea","summary":"Improper Certificate Validation\nWhen two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3738","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1948","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2565","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2565"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16395.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16395.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16395","reference_id":"","reference_type":"","scores":[{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89104","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89093","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89077","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8906","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89047","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89042","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8903","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89024","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89004","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.88988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8898","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml"},{"reference_url":"https://hackerone.com/reports/387250","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/387250"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190221-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190221-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190221-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190221-0002/"},{"reference_url":"https://usn.ubuntu.com/3808-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3808-1"},{"reference_url":"https://web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105"},{"reference_url":"https://www.debian.org/security/2018/dsa-4332","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4332"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"},{"reference_url":"http://www.securitytracker.com/id/1042105","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042105"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643086","reference_id":"1643086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643086"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16395","reference_id":"CVE-2018-16395","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16395"},{"reference_url":"https://github.com/advisories/GHSA-mmrq-6999-72v8","reference_id":"GHSA-mmrq-6999-72v8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmrq-6999-72v8"},{"reference_url":"https://usn.ubuntu.com/3808-1/","reference_id":"USN-3808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3808-1/"}],"fixed_packages":[],"aliases":["CVE-2018-16395","GHSA-mmrq-6999-72v8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3y8-w4b4-3qea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33523?format=json","vulnerability_id":"VCID-d6tn-s1q2-a3hc","summary":"Unsafe object creation in json RubyGem\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90624","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90643","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90611","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90657","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91812","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91784","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91779","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91827","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91832","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91815","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Dec/32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/flori/json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json"},{"reference_url":"https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml"},{"reference_url":"https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10663"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210129-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210129-0003/"},{"reference_url":"https://support.apple.com/kb/HT211931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT211931"},{"reference_url":"https://www.debian.org/security/2020/dsa-4721","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4721"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827500","reference_id":"1827500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827500"},{"reference_url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g","reference_id":"GHSA-jphg-qwrw-7w9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2462","reference_id":"RHSA-2020:2462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2473","reference_id":"RHSA-2020:2473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2670","reference_id":"RHSA-2020:2670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4882-1/","reference_id":"USN-4882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4882-1/"}],"fixed_packages":[],"aliases":["CVE-2020-10663","GHSA-jphg-qwrw-7w9g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tn-s1q2-a3hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36471?format=json","vulnerability_id":"VCID-f6d8-e8tp-c3am","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16255","reference_id":"","reference_type":"","scores":[{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78518","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78703","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78664","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78688","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78538","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78564","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.7857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78567","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78595","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78623","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16255","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16255"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793683","reference_id":"1793683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793683"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[],"aliases":["CVE-2019-16255","GHSA-ph7w-p94x-9vvw"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d8-e8tp-c3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74623?format=json","vulnerability_id":"VCID-kamp-zmtx-aqbz","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16396","reference_id":"","reference_type":"","scores":[{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87143","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.8729","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87258","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87271","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87154","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87171","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87168","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87188","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87202","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87198","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87212","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87217","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87211","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.8723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87236","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87239","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643089","reference_id":"1643089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2769","reference_id":"RHSA-2020:2769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2839","reference_id":"RHSA-2020:2839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2839"},{"reference_url":"https://usn.ubuntu.com/3808-1/","reference_id":"USN-3808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3808-1/"}],"fixed_packages":[],"aliases":["CVE-2018-16396","GHSA-xh4x-ph6p-vmxh"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kamp-zmtx-aqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36468?format=json","vulnerability_id":"VCID-kp26-vpgn-k7az","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16201","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69541","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69754","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69679","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69723","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69568","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69547","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69615","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69622","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69648","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69656","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6969","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69703","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1773728","reference_id":"1773728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1773728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[],"aliases":["CVE-2019-16201"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kp26-vpgn-k7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70427?format=json","vulnerability_id":"VCID-qyz5-zmnt-qucy","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8780","reference_id":"","reference_type":"","scores":[{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8018","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80144","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80165","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80009","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8003","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8002","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80061","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80052","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80081","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8013","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949","reference_id":"1561949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8780","GHSA-fphx-j9v2-w2cx"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyz5-zmnt-qucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70424?format=json","vulnerability_id":"VCID-rdme-1q3s-43d8","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8777","reference_id":"","reference_type":"","scores":[{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80909","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80806","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80828","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80846","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80864","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80886","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.82993","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83053","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83069","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.8301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83021","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83046","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561950","reference_id":"1561950","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561950"}],"fixed_packages":[],"aliases":["CVE-2018-8777","GHSA-9j6f-82h4-9mw2"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdme-1q3s-43d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70426?format=json","vulnerability_id":"VCID-y29u-wpkt-rkgp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8779.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8779","reference_id":"","reference_type":"","scores":[{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79555","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79746","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79706","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79729","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79561","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79584","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79571","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79607","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79612","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79604","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79667","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79674","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.7969","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561948","reference_id":"1561948","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561948"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8779"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y29u-wpkt-rkgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36469?format=json","vulnerability_id":"VCID-y56y-5am7-wkhr","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72109","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72282","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72241","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72255","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72115","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72232","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556","reference_id":"1789556","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[],"aliases":["CVE-2019-16254","GHSA-w9fp-2996-hhwx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y56y-5am7-wkhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70425?format=json","vulnerability_id":"VCID-zwxw-299r-wfgx","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8778.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8778","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67619","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67565","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67539","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67429","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67553","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.6754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67507","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67564","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8778","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8778"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561953","reference_id":"1561953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1963","reference_id":"RHSA-2020:1963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2212","reference_id":"RHSA-2020:2212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2288","reference_id":"RHSA-2020:2288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2288"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8778","GHSA-wvhq-ch4h-8pwr"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwxw-299r-wfgx"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@2.6"}