{"url":"http://public2.vulnerablecode.io/api/packages/159773?format=json","purl":"pkg:gem/rubygems-update@2.4.6","type":"gem","namespace":"","name":"rubygems-update","version":"2.4.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.3","latest_non_vulnerable_version":"3.0.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39470?format=json","vulnerability_id":"VCID-3bue-qvm7-2fby","summary":"Loop with Unreachable Exit Condition (Infinite Loop)\nRubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000075.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000075","reference_id":"","reference_type":"","scores":[{"value":"0.0176","scoring_system":"epss","scoring_elements":"0.82949","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000075"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"},{"reference_url":"https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547420","reference_id":"1547420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547420"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000075","reference_id":"CVE-2018-1000075","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000075"},{"reference_url":"https://github.com/advisories/GHSA-74pv-v9gh-h25p","reference_id":"GHSA-74pv-v9gh-h25p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-74pv-v9gh-h25p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000075","GHSA-74pv-v9gh-h25p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bue-qvm7-2fby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38790?format=json","vulnerability_id":"VCID-68hc-d8u1-yye5","summary":"Improper Input Validation\nRubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.","references":[{"reference_url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0900","reference_id":"","reference_type":"","scores":[{"value":"0.1397","scoring_system":"epss","scoring_elements":"0.94462","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0900"},{"reference_url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251"},{"reference_url":"https://hackerone.com/reports/243003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/243003"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-01"},{"reference_url":"https://web.archive.org/web/20190212090616/http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190212090616/http://www.securitytracker.com/id/1039249"},{"reference_url":"https://web.archive.org/web/20200227143907/http://www.securityfocus.com/bid/100579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227143907/http://www.securityfocus.com/bid/100579"},{"reference_url":"https://www.debian.org/security/2017/dsa-3966","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-3966"},{"reference_url":"http://www.securityfocus.com/bid/100579","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100579"},{"reference_url":"http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487588","reference_id":"1487588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487588"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0900","reference_id":"CVE-2017-0900","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0900"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54036?format=json","purl":"pkg:gem/rubygems-update@2.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13"}],"aliases":["CVE-2017-0900","GHSA-p7f2-rr42-m9xm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68hc-d8u1-yye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38792?format=json","vulnerability_id":"VCID-bb6n-nq7v-8qex","summary":"Improper Input Validation\nRubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.","references":[{"reference_url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0901","reference_id":"","reference_type":"","scores":[{"value":"0.20215","scoring_system":"epss","scoring_elements":"0.95621","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0901"},{"reference_url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-01"},{"reference_url":"https://usn.ubuntu.com/3553-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3553-1"},{"reference_url":"https://usn.ubuntu.com/3685-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3685-1"},{"reference_url":"https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249"},{"reference_url":"https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note"},{"reference_url":"https://www.debian.org/security/2017/dsa-3966","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-3966"},{"reference_url":"https://www.exploit-db.com/exploits/42611","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/42611"},{"reference_url":"https://www.exploit-db.com/exploits/42611/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/42611/"},{"reference_url":"http://www.securityfocus.com/bid/100580","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100580"},{"reference_url":"http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487587","reference_id":"1487587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487587"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42611.txt","reference_id":"CVE-2017-0901","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42611.txt"},{"reference_url":"https://hackerone.com/reports/243156","reference_id":"CVE-2017-0901","reference_type":"exploit","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/243156"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0901","reference_id":"CVE-2017-0901","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0901"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54036?format=json","purl":"pkg:gem/rubygems-update@2.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13"}],"aliases":["CVE-2017-0901","GHSA-pm9x-4392-2c2p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6n-nq7v-8qex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38789?format=json","vulnerability_id":"VCID-br82-gd5d-pqew","summary":"Origin Validation Error\nRubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.","references":[{"reference_url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0902","reference_id":"","reference_type":"","scores":[{"value":"0.04996","scoring_system":"epss","scoring_elements":"0.89881","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0902"},{"reference_url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32"},{"reference_url":"https://hackerone.com/reports/218088","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/218088"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-01","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-01"},{"reference_url":"https://usn.ubuntu.com/3553-1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3553-1"},{"reference_url":"https://usn.ubuntu.com/3685-1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3685-1"},{"reference_url":"https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/100586","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/100586"},{"reference_url":"https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249"},{"reference_url":"https://www.debian.org/security/2017/dsa-3966","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-3966"},{"reference_url":"http://www.securityfocus.com/bid/100586","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100586"},{"reference_url":"http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487589","reference_id":"1487589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0902","reference_id":"CVE-2017-0902","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0902"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54036?format=json","purl":"pkg:gem/rubygems-update@2.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13"}],"aliases":["CVE-2017-0902","GHSA-73w7-6w9g-gc8w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br82-gd5d-pqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39019?format=json","vulnerability_id":"VCID-c7rs-vbjr-nyfz","summary":"Deserialization of Untrusted Data\nrubygems-update is vulnerable to a remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.","references":[{"reference_url":"http://blog.rubygems.org/2017/10/09/2.6.14-released.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2017/10/09/2.6.14-released.html"},{"reference_url":"http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0903.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0903","reference_id":"","reference_type":"","scores":[{"value":"0.05545","scoring_system":"epss","scoring_elements":"0.90428","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0903"},{"reference_url":"https://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49"},{"reference_url":"https://hackerone.com/reports/274990","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/274990"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/3553-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3553-1"},{"reference_url":"https://usn.ubuntu.com/3685-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3685-1"},{"reference_url":"https://web.archive.org/web/20200227143351/http://www.securityfocus.com/bid/101275","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227143351/http://www.securityfocus.com/bid/101275"},{"reference_url":"https://www.debian.org/security/2017/dsa-4031","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4031"},{"reference_url":"http://www.securityfocus.com/bid/101275","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101275"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500488","reference_id":"1500488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500488"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0903","reference_id":"CVE-2017-0903","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54431?format=json","purl":"pkg:gem/rubygems-update@2.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.14"}],"aliases":["CVE-2017-0903","GHSA-mqwr-4qf2-2hcv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7rs-vbjr-nyfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37868?format=json","vulnerability_id":"VCID-c9w3-xh7j-57bq","summary":"7PK - Security Features\nRubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1657.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1657.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3900.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3900","reference_id":"","reference_type":"","scores":[{"value":"0.02401","scoring_system":"epss","scoring_elements":"0.85352","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3900"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml"},{"reference_url":"https://web.archive.org/web/20170331091241/https://puppet.com/security/cve/CVE-2015-3900","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170331091241/https://puppet.com/security/cve/CVE-2015-3900"},{"reference_url":"https://web.archive.org/web/20200228055155/http://www.securityfocus.com/bid/75482","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228055155/http://www.securityfocus.com/bid/75482"},{"reference_url":"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356"},{"reference_url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900"},{"reference_url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/","reference_id":"","reference_type":"","scores":[],"url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/26/2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/26/2"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.securityfocus.com/bid/75482","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/75482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236116","reference_id":"1236116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236116"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3900","reference_id":"CVE-2015-3900","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3900"},{"reference_url":"https://puppet.com/security/cve/CVE-2015-3900","reference_id":"CVE-2015-3900","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/CVE-2015-3900"},{"reference_url":"http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html","reference_id":"CVE-2015-3900.HTML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1657","reference_id":"RHSA-2015:1657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1657"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52312?format=json","purl":"pkg:gem/rubygems-update@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.7"}],"aliases":["CVE-2015-3900","GHSA-wp3j-rvfp-624h","OSV-122162"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9w3-xh7j-57bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39474?format=json","vulnerability_id":"VCID-e7rv-fv84-jygh","summary":"Path Traversal\nRubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000079.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000079","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55015","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"},{"reference_url":"https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099"},{"reference_url":"https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547426","reference_id":"1547426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000079","reference_id":"CVE-2018-1000079","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000079"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2018-1000079","reference_id":"CVE-2018-1000079","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2018-1000079"},{"reference_url":"https://github.com/advisories/GHSA-8qxg-mff5-j3wc","reference_id":"GHSA-8qxg-mff5-j3wc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8qxg-mff5-j3wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000079","GHSA-8qxg-mff5-j3wc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7rv-fv84-jygh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39481?format=json","vulnerability_id":"VCID-k6gg-djg6-kbh5","summary":"RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000074.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000074","reference_id":"","reference_type":"","scores":[{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67784","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000074"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d"},{"reference_url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://usn.ubuntu.com/3621-2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-2"},{"reference_url":"https://usn.ubuntu.com/3621-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-2/"},{"reference_url":"https://usn.ubuntu.com/3685-1","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3685-1"},{"reference_url":"https://usn.ubuntu.com/3685-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3685-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547419","reference_id":"1547419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000074","reference_id":"CVE-2018-1000074","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000074"},{"reference_url":"https://github.com/advisories/GHSA-qj2w-mw2r-pv39","reference_id":"GHSA-qj2w-mw2r-pv39","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qj2w-mw2r-pv39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000074","GHSA-qj2w-mw2r-pv39"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6gg-djg6-kbh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38793?format=json","vulnerability_id":"VCID-nd17-pxzx-nyba","summary":"Code Injection\nRubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.","references":[{"reference_url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3485","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0378","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0583","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0585","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0899","reference_id":"","reference_type":"","scores":[{"value":"0.09304","scoring_system":"epss","scoring_elements":"0.92901","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0899"},{"reference_url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://blog.rubygems.org/2017/08/27/2.6.13-released.html"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1"},{"reference_url":"https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491"},{"reference_url":"https://hackerone.com/reports/226335","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/226335"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://security.gentoo.org/glsa/201710-01","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-01"},{"reference_url":"https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249"},{"reference_url":"https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100576#:~:text=1%20snapshot-,11%3A49%3A33,-Note","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100576#:~:text=1%20snapshot-,11%3A49%3A33,-Note"},{"reference_url":"https://www.debian.org/security/2017/dsa-3966","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-3966"},{"reference_url":"http://www.securityfocus.com/bid/100576","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100576"},{"reference_url":"http://www.securitytracker.com/id/1039249","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487590","reference_id":"1487590","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487590"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0899","reference_id":"CVE-2017-0899","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0899"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54036?format=json","purl":"pkg:gem/rubygems-update@2.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13"}],"aliases":["CVE-2017-0899","GHSA-7gcp-2gmq-w3xh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nd17-pxzx-nyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39479?format=json","vulnerability_id":"VCID-qrbv-et5k-wkdk","summary":"Path Traversal\nRubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000073.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77954","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000073"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2"},{"reference_url":"https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547418","reference_id":"1547418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000073","reference_id":"CVE-2018-1000073","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000073"},{"reference_url":"https://github.com/advisories/GHSA-gx69-6cp4-hxrj","reference_id":"GHSA-gx69-6cp4-hxrj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gx69-6cp4-hxrj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000073","GHSA-gx69-6cp4-hxrj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrbv-et5k-wkdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37905?format=json","vulnerability_id":"VCID-t8p2-dj3e-r7gt","summary":"Improper Input Validation\nRubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\" NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.","references":[{"reference_url":"http://blog.rubygems.org/2015/06/08/2.2.5-released.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2015/06/08/2.2.5-released.html"},{"reference_url":"http://blog.rubygems.org/2015/06/08/2.4.8-released.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2015/06/08/2.4.8-released.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4020.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4020","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67277","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4020"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/5c7bfb5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/5c7bfb5"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml"},{"reference_url":"https://web.archive.org/web/20200228084212/http://www.securityfocus.com/bid/75431","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084212/http://www.securityfocus.com/bid/75431"},{"reference_url":"https://web.archive.org/web/20200228085830/https://puppet.com/security/cve/CVE-2015-3900","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228085830/https://puppet.com/security/cve/CVE-2015-3900"},{"reference_url":"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478"},{"reference_url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900"},{"reference_url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/","reference_id":"","reference_type":"","scores":[],"url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.securityfocus.com/bid/75431","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/75431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1250109","reference_id":"1250109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1250109"},{"reference_url":"https://puppet.com/security/cve/CVE-2015-3900","reference_id":"CVE-2015-3900","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/CVE-2015-3900"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4020","reference_id":"CVE-2015-4020","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4020"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52358?format=json","purl":"pkg:gem/rubygems-update@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.8"}],"aliases":["CVE-2015-4020","GHSA-qv62-xfj6-32xm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8p2-dj3e-r7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39482?format=json","vulnerability_id":"VCID-xqpw-9uap-kugb","summary":"RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000076.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000076.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000076","reference_id":"","reference_type":"","scores":[{"value":"0.00929","scoring_system":"epss","scoring_elements":"0.76468","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000076"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547421","reference_id":"1547421","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547421"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000076","reference_id":"CVE-2018-1000076","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000076"},{"reference_url":"https://github.com/advisories/GHSA-mc6j-h948-v2p6","reference_id":"GHSA-mc6j-h948-v2p6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mc6j-h948-v2p6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000076","GHSA-mc6j-h948-v2p6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqpw-9uap-kugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39484?format=json","vulnerability_id":"VCID-yxa4-p6gs-7bgr","summary":"RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000077.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000077","reference_id":"","reference_type":"","scores":[{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.78038","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000077"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"},{"reference_url":"https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547422","reference_id":"1547422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547422"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000077","reference_id":"CVE-2018-1000077","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000077"},{"reference_url":"https://github.com/advisories/GHSA-gv86-43rv-79m2","reference_id":"GHSA-gv86-43rv-79m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gv86-43rv-79m2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000077","GHSA-gv86-43rv-79m2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxa4-p6gs-7bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39486?format=json","vulnerability_id":"VCID-zzey-wstd-p7e3","summary":"Cross-site Scripting\nRubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server.","references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000078.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000078","reference_id":"","reference_type":"","scores":[{"value":"0.00823","scoring_system":"epss","scoring_elements":"0.74798","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000078"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183"},{"reference_url":"https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547425","reference_id":"1547425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000078","reference_id":"CVE-2018-1000078","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000078"},{"reference_url":"https://github.com/advisories/GHSA-87qx-g5wg-mwmj","reference_id":"GHSA-87qx-g5wg-mwmj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-87qx-g5wg-mwmj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"}],"aliases":["CVE-2018-1000078","GHSA-87qx-g5wg-mwmj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzey-wstd-p7e3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.6"}