{"url":"http://public2.vulnerablecode.io/api/packages/130664?format=json","purl":"pkg:ruby/ruby@2.4","type":"ruby","namespace":"","name":"ruby","version":"2.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70421?format=json","vulnerability_id":"VCID-1cad-uybu-2uau","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17742.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17742","reference_id":"","reference_type":"","scores":[{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78701","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78632","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78648","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78687","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.7845","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78456","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.7847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78502","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78527","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78524","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78556","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78564","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78581","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78597","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78622","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01152","scoring_system":"epss","scoring_elements":"0.78636","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17742","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17742"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561952","reference_id":"1561952","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561952"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1963","reference_id":"RHSA-2020:1963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2212","reference_id":"RHSA-2020:2212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2288","reference_id":"RHSA-2020:2288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2288"}],"fixed_packages":[],"aliases":["CVE-2017-17742","GHSA-7p4c-jf2w-hc3w"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cad-uybu-2uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15467?format=json","vulnerability_id":"VCID-91b7-xx8t-rqhr","summary":"Improper Authentication\nThe Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10784.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10784","reference_id":"","reference_type":"","scores":[{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80338","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.8032","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80281","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80293","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80265","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01385","scoring_system":"epss","scoring_elements":"0.80272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80425","published_at":"2026-04-12T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81894","published_at":"2026-05-15T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81833","published_at":"2026-05-11T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81812","published_at":"2026-05-07T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81767","published_at":"2026-04-26T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81733","published_at":"2026-04-21T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.8173","published_at":"2026-04-18T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.8185","published_at":"2026-05-12T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81891","published_at":"2026-05-14T12:55:00Z"},{"value":"0.016","scoring_system":"epss","scoring_elements":"0.81836","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:P"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/ruby/commit/6617c41292","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/ruby/commit/6617c41292"},{"reference_url":"https://github.com/ruby/webrick","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick"},{"reference_url":"https://github.com/ruby/webrick/commit/4ac0f3843ab82d1c31e1cfc719409208adef7813","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/webrick/commit/4ac0f3843ab82d1c31e1cfc719409208adef7813"},{"reference_url":"https://hackerone.com/reports/223363","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/223363"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-18","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-18"},{"reference_url":"https://usn.ubuntu.com/3528-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3528-1"},{"reference_url":"https://usn.ubuntu.com/3528-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3528-1/"},{"reference_url":"https://usn.ubuntu.com/3685-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3685-1"},{"reference_url":"https://usn.ubuntu.com/3685-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3685-1/"},{"reference_url":"https://web.archive.org/web/20210621131814/http://www.securityfocus.com/bid/100853","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210621131814/http://www.securityfocus.com/bid/100853"},{"reference_url":"https://web.archive.org/web/20210919031115/http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210919031115/http://www.securitytracker.com/id/1042004"},{"reference_url":"https://web.archive.org/web/20211025092552/http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211025092552/http://www.securitytracker.com/id/1039363"},{"reference_url":"https://www.debian.org/security/2017/dsa-4031","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4031"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"},{"reference_url":"http://www.securityfocus.com/bid/100853","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100853"},{"reference_url":"http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039363"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492012","reference_id":"1492012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492012"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10784","reference_id":"CVE-2017-10784","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10784"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2017-10784.yml","reference_id":"CVE-2017-10784.YML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2017-10784.yml"},{"reference_url":"https://github.com/advisories/GHSA-369m-2gv6-mw28","reference_id":"GHSA-369m-2gv6-mw28","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-369m-2gv6-mw28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3439-1/","reference_id":"USN-3439-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3439-1/"}],"fixed_packages":[],"aliases":["CVE-2017-10784","GHSA-369m-2gv6-mw28"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91b7-xx8t-rqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70423?format=json","vulnerability_id":"VCID-bad1-7aa4-cugv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6914.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6914","reference_id":"","reference_type":"","scores":[{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84884","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85127","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85085","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85118","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84945","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84952","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84961","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85029","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85053","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85073","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85069","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561947","reference_id":"1561947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561947"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-6914","GHSA-wpg3-wgm5-rv8w"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bad1-7aa4-cugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70422?format=json","vulnerability_id":"VCID-beub-d11r-nbe4","summary":"security update","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17790.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17790","reference_id":"","reference_type":"","scores":[{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89267","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89426","published_at":"2026-05-15T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89374","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89387","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89385","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89396","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89417","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89306","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89311","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.8932","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89317","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89327","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89326","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89321","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89339","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89344","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89347","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04656","scoring_system":"epss","scoring_elements":"0.89356","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/ruby/pull/1777","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ruby/ruby/pull/1777"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17790","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17790"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528218","reference_id":"1528218","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1528218"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0584","reference_id":"RHSA-2018:0584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0584"}],"fixed_packages":[],"aliases":["CVE-2017-17790","GHSA-47cm-jxff-w8wg"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-beub-d11r-nbe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10062?format=json","vulnerability_id":"VCID-c3y8-w4b4-3qea","summary":"Improper Certificate Validation\nWhen two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3738","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1948","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2565","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2565"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16395.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16395.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16395","reference_id":"","reference_type":"","scores":[{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89135","published_at":"2026-05-15T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89099","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89104","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89093","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89077","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8906","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89047","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89042","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8903","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89024","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89004","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.88988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8898","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89108","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89124","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml"},{"reference_url":"https://hackerone.com/reports/387250","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/387250"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190221-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190221-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190221-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190221-0002/"},{"reference_url":"https://usn.ubuntu.com/3808-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3808-1"},{"reference_url":"https://web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105"},{"reference_url":"https://www.debian.org/security/2018/dsa-4332","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4332"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"},{"reference_url":"http://www.securitytracker.com/id/1042105","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042105"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643086","reference_id":"1643086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643086"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16395","reference_id":"CVE-2018-16395","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16395"},{"reference_url":"https://github.com/advisories/GHSA-mmrq-6999-72v8","reference_id":"GHSA-mmrq-6999-72v8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmrq-6999-72v8"},{"reference_url":"https://usn.ubuntu.com/3808-1/","reference_id":"USN-3808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3808-1/"}],"fixed_packages":[],"aliases":["CVE-2018-16395","GHSA-mmrq-6999-72v8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3y8-w4b4-3qea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15868?format=json","vulnerability_id":"VCID-fapg-pt6b-rfb2","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14033.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14033","reference_id":"","reference_type":"","scores":[{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.92002","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91983","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91987","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91984","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91968","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91962","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07822","scoring_system":"epss","scoring_elements":"0.91954","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92228","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92218","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.9221","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92273","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92237","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.9224","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92247","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0818","scoring_system":"epss","scoring_elements":"0.92266","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/openssl","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/openssl"},{"reference_url":"https://github.com/ruby/openssl/commit/36bf7f403ebb6cefcaa1e7af9d8ec99e6b4bc1ed","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/openssl/commit/36bf7f403ebb6cefcaa1e7af9d8ec99e6b4bc1ed"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-18"},{"reference_url":"https://web.archive.org/web/20210509153849/http://www.securityfocus.com/bid/100868","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210509153849/http://www.securityfocus.com/bid/100868"},{"reference_url":"https://web.archive.org/web/20210622181826/http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210622181826/http://www.securitytracker.com/id/1042004"},{"reference_url":"https://web.archive.org/web/20210724095519/http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210724095519/http://www.securitytracker.com/id/1039363"},{"reference_url":"https://www.debian.org/security/2017/dsa-4031","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4031"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"},{"reference_url":"http://www.securityfocus.com/bid/100868","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100868"},{"reference_url":"http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039363"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491866","reference_id":"1491866","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491866"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14033","reference_id":"CVE-2017-14033","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14033"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2017-14033.yml","reference_id":"CVE-2017-14033.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2017-14033.yml"},{"reference_url":"https://github.com/advisories/GHSA-v6rp-3r3v-hf4p","reference_id":"GHSA-v6rp-3r3v-hf4p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6rp-3r3v-hf4p"},{"reference_url":"https://usn.ubuntu.com/3439-1/","reference_id":"USN-3439-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3439-1/"}],"fixed_packages":[],"aliases":["CVE-2017-14033","GHSA-v6rp-3r3v-hf4p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fapg-pt6b-rfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74623?format=json","vulnerability_id":"VCID-kamp-zmtx-aqbz","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16396","reference_id":"","reference_type":"","scores":[{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87143","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87343","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87299","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87334","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87154","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87171","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87168","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87188","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87202","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87198","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87212","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87217","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87211","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.8723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87236","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87258","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87271","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.8729","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03288","scoring_system":"epss","scoring_elements":"0.87284","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643089","reference_id":"1643089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2769","reference_id":"RHSA-2020:2769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2839","reference_id":"RHSA-2020:2839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2839"},{"reference_url":"https://usn.ubuntu.com/3808-1/","reference_id":"USN-3808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3808-1/"}],"fixed_packages":[],"aliases":["CVE-2018-16396","GHSA-xh4x-ph6p-vmxh"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kamp-zmtx-aqbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70427?format=json","vulnerability_id":"VCID-qyz5-zmnt-qucy","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8780","reference_id":"","reference_type":"","scores":[{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80238","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80193","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80235","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80009","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8003","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8002","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80048","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80061","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80052","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80081","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80144","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80165","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.8018","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80178","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949","reference_id":"1561949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8780","GHSA-fphx-j9v2-w2cx"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyz5-zmnt-qucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70424?format=json","vulnerability_id":"VCID-rdme-1q3s-43d8","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8777","reference_id":"","reference_type":"","scores":[{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80969","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80806","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80828","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80834","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80846","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80864","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80886","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80909","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80903","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80922","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80965","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.80805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.82993","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83069","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.8301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83021","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83046","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01864","scoring_system":"epss","scoring_elements":"0.83053","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561950","reference_id":"1561950","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561950"}],"fixed_packages":[],"aliases":["CVE-2018-8777","GHSA-9j6f-82h4-9mw2"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdme-1q3s-43d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63474?format=json","vulnerability_id":"VCID-sf98-mryd-yfb3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9096.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9096","reference_id":"","reference_type":"","scores":[{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81859","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81797","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81815","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81856","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81623","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.8165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81655","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81656","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81694","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81722","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81731","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81737","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81777","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81801","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/137631","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://hackerone.com/reports/137631"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461846","reference_id":"1461846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3365-1/","reference_id":"USN-3365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3365-1/"}],"fixed_packages":[],"aliases":["CVE-2015-9096","GHSA-2h3c-5vqm-gqfh"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf98-mryd-yfb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78993?format=json","vulnerability_id":"VCID-tzne-zeeh-wuet","summary":"ruby: heap buffer overflow in the Psych::Emitter start_document function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2338.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2338.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2338","reference_id":"","reference_type":"","scores":[{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94164","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94285","published_at":"2026-05-15T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94262","published_at":"2026-05-11T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94268","published_at":"2026-05-12T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94282","published_at":"2026-05-14T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94173","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94185","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94187","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94206","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94221","published_at":"2026-04-16T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94227","published_at":"2026-04-21T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.9423","published_at":"2026-04-29T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94234","published_at":"2026-05-05T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94245","published_at":"2026-05-07T12:55:00Z"},{"value":"0.13462","scoring_system":"epss","scoring_elements":"0.94256","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2338"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2338","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2338"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2133689","reference_id":"2133689","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2133689"}],"fixed_packages":[],"aliases":["CVE-2016-2338","GHSA-r46x-xjwr-8v2g"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzne-zeeh-wuet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62457?format=json","vulnerability_id":"VCID-xkd6-jvma-skfk","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14064.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14064","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78898","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78974","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78933","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78916","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78941","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78947","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78955","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.78945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81164","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81168","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.8111","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81105","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81123","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81012","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81013","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81035","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81066","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81088","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14064","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14064"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487552","reference_id":"1487552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/3439-1/","reference_id":"USN-3439-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3439-1/"}],"fixed_packages":[],"aliases":["CVE-2017-14064","GHSA-954h-8gv7-2q75"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkd6-jvma-skfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70426?format=json","vulnerability_id":"VCID-y29u-wpkt-rkgp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8779.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8779","reference_id":"","reference_type":"","scores":[{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79555","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79799","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79755","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79793","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79561","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79584","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79571","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79607","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79612","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79604","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79667","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79674","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.7969","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79706","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79729","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79746","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.79742","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561948","reference_id":"1561948","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561948"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8779"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y29u-wpkt-rkgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70425?format=json","vulnerability_id":"VCID-zwxw-299r-wfgx","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8778.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8778","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67688","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67591","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67616","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67676","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67429","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67553","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.6754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67507","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67564","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67565","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67539","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67619","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8778","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8778"},{"reference_url":"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561953","reference_id":"1561953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1963","reference_id":"RHSA-2020:1963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2212","reference_id":"RHSA-2020:2212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2288","reference_id":"RHSA-2020:2288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2288"},{"reference_url":"https://usn.ubuntu.com/3626-1/","reference_id":"USN-3626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3626-1/"}],"fixed_packages":[],"aliases":["CVE-2018-8778","GHSA-wvhq-ch4h-8pwr"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwxw-299r-wfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62456?format=json","vulnerability_id":"VCID-zybm-uuxu-67gh","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0898.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0898","reference_id":"","reference_type":"","scores":[{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74326","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74224","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74233","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74232","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74227","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74255","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74279","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74242","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74265","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74321","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74782","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74853","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74779","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.7483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78078","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.7811","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/mruby/mruby/issues/3722","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mruby/mruby/issues/3722"},{"reference_url":"https://hackerone.com/reports/212241","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/212241"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0898","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0898"},{"reference_url":"https://security.gentoo.org/glsa/201710-18","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-18"},{"reference_url":"https://usn.ubuntu.com/3685-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3685-1/"},{"reference_url":"https://www.debian.org/security/2017/dsa-4031","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4031"},{"reference_url":"https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"},{"reference_url":"http://www.securityfocus.com/bid/100862","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100862"},{"reference_url":"http://www.securitytracker.com/id/1039363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492015","reference_id":"1492015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492015"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://usn.ubuntu.com/3439-1/","reference_id":"USN-3439-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3439-1/"}],"fixed_packages":[],"aliases":["CVE-2017-0898","GHSA-wvmx-3rv2-5jgf"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zybm-uuxu-67gh"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@2.4"}