Package Instance

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2125

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2125.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2125.json

reference_url

reference_id

reference_type

scores

value	0.00638
scoring_system	epss
scoring_elements	0.70996
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125

reference_url	http://secunia.com/advisories/55381
reference_id
reference_type
scores
url	http://secunia.com/advisories/55381

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/blob/1.8/History.txt

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/blob/1.8/History.txt

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2125

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2125

reference_url

http://www.openwall.com/lists/oss-security/2012/04/20/24

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/04/20/24

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.ubuntu.com/usn/USN-1582-1/
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1582-1/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670228
reference_id	670228
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670228

reference_url

reference_id

814718

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://access.redhat.com/errata/RHSA-2013:1203
reference_id	RHSA-2013:1203
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1203

reference_url	https://access.redhat.com/errata/RHSA-2013:1441
reference_id	RHSA-2013:1441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1441

reference_url	https://access.redhat.com/errata/RHSA-2013:1852
reference_id	RHSA-2013:1852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1852

reference_url	https://usn.ubuntu.com/1582-1/
reference_id	USN-1582-1
reference_type
scores
url	https://usn.ubuntu.com/1582-1/

reference_url	https://usn.ubuntu.com/1583-1/
reference_id	USN-1583-1
reference_type
scores
url	https://usn.ubuntu.com/1583-1/

fixed_packages

url pkg:gem/rubygems-update@1.8.23

purl pkg:gem/rubygems-update@1.8.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@1.8.23

aliases CVE-2012-2125, GHSA-228f-g3h7-3fj3, OSV-85809

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtux-yss9-kuga

url VCID-j6uv-kbey-hqd1

vulnerability_id VCID-j6uv-kbey-hqd1

summary

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0900

reference_id

reference_type

scores

value	0.22758
scoring_system	epss
scoring_elements	0.95995
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0900

reference_url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251

reference_url

https://hackerone.com/reports/243003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/243003

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-0900

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-0900

reference_url

https://web.archive.org/web/20190212090616/http://www.securitytracker.com/id/1039249

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190212090616/http://www.securitytracker.com/id/1039249

reference_url

https://web.archive.org/web/20200227143907/http://www.securityfocus.com/bid/100579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227143907/http://www.securityfocus.com/bid/100579

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100579
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100579

reference_url	http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039249

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1487588
reference_id	1487588
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1487588

reference_url

reference_id

GLSA-201710-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://usn.ubuntu.com/3439-1/
reference_id	USN-3439-1
reference_type
scores
url	https://usn.ubuntu.com/3439-1/

fixed_packages

url pkg:gem/rubygems-update@2.6.13

purl pkg:gem/rubygems-update@2.6.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-evt7-qzp2-4yec

vulnerability	VCID-gew9-fbrh-9ue5

vulnerability	VCID-qxcb-1m7w-u7ct

vulnerability	VCID-rm3q-4vdp-pkhv

vulnerability	VCID-ww87-78hq-zuaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13

aliases CVE-2017-0900, GHSA-p7f2-rr42-m9xm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uv-kbey-hqd1

url VCID-j8bn-5tud-jkcm

vulnerability_id VCID-j8bn-5tud-jkcm

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0899

reference_id

reference_type

scores

value	0.09304
scoring_system	epss
scoring_elements	0.92929
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0899

reference_url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1

reference_url

https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491

reference_url

https://hackerone.com/reports/226335

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/226335

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_url

https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249

reference_url

https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100576#:~:text=1%20snapshot-,11%3A49%3A33,-Note

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100576#:~:text=1%20snapshot-,11%3A49%3A33,-Note

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-0899

reference_url	http://www.securityfocus.com/bid/100576
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100576

reference_url	http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039249

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1487590
reference_id	1487590
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1487590

reference_url

reference_id

CVE-2017-0899

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-0899

reference_url

https://github.com/advisories/GHSA-7gcp-2gmq-w3xh

reference_id

GHSA-7gcp-2gmq-w3xh

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7gcp-2gmq-w3xh

reference_url

reference_id

GLSA-201710-01

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html

reference_url	https://usn.ubuntu.com/3439-1/
reference_id	USN-3439-1
reference_type
scores
url	https://usn.ubuntu.com/3439-1/

fixed_packages

url pkg:gem/rubygems-update@2.6.13

purl pkg:gem/rubygems-update@2.6.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-evt7-qzp2-4yec

vulnerability	VCID-gew9-fbrh-9ue5

vulnerability	VCID-qxcb-1m7w-u7ct

vulnerability	VCID-rm3q-4vdp-pkhv

vulnerability	VCID-ww87-78hq-zuaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13

aliases CVE-2017-0899, GHSA-7gcp-2gmq-w3xh

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8bn-5tud-jkcm

url VCID-kdyp-xe71-f7c2

vulnerability_id VCID-kdyp-xe71-f7c2

summary RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

references

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1657.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1657.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3900.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3900

reference_id

reference_type

scores

value	0.02401
scoring_system	epss
scoring_elements	0.85401
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3900

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3900

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3900

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170331091241/https://puppet.com/security/cve/CVE-2015-3900

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170331091241/https://puppet.com/security/cve/CVE-2015-3900

reference_url

https://web.archive.org/web/20200228055155/http://www.securityfocus.com/bid/75482

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228055155/http://www.securityfocus.com/bid/75482

reference_url

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356

reference_url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900

reference_url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
reference_id
reference_type
scores
url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/

reference_url

http://www.openwall.com/lists/oss-security/2015/06/26/2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/06/26/2

reference_url	http://www.securityfocus.com/bid/75482
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/75482

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1236116
reference_id	1236116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1236116

reference_url	https://access.redhat.com/errata/RHSA-2015:1657
reference_id	RHSA-2015:1657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1657

fixed_packages

url pkg:gem/rubygems-update@2.0.16

purl pkg:gem/rubygems-update@2.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.0.16

url pkg:gem/rubygems-update@2.1.0.rc.1

purl pkg:gem/rubygems-update@2.1.0.rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.0.rc.1

url pkg:gem/rubygems-update@2.2.4

purl pkg:gem/rubygems-update@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.2.4

url pkg:gem/rubygems-update@2.4.7

purl pkg:gem/rubygems-update@2.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-77ah-j456-2yad

vulnerability	VCID-g795-ac5q-m7dg

vulnerability	VCID-gbas-fhvk-mkfh

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-qh71-t8pt-53b3

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-w2sf-by6z-a7fw

vulnerability	VCID-x7v6-eefc-wufc

vulnerability	VCID-yrnr-xz1e-b7aa

vulnerability	VCID-zjth-98ge-5fez

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.7

aliases CVE-2015-3900, GHSA-wp3j-rvfp-624h, OSV-122162

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyp-xe71-f7c2

url VCID-mmu8-f2a6-7qaj

vulnerability_id VCID-mmu8-f2a6-7qaj

summary RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

references

reference_url

http://blog.rubygems.org/2015/06/08/2.2.5-released.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2015/06/08/2.2.5-released.html

reference_url

http://blog.rubygems.org/2015/06/08/2.4.8-released.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2015/06/08/2.4.8-released.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4020.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4020.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4020

reference_id

reference_type

scores

value	0.00524
scoring_system	epss
scoring_elements	0.67367
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4020

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/5c7bfb5

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/5c7bfb5

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-4020

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-4020

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228084212/http://www.securityfocus.com/bid/75431

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228084212/http://www.securityfocus.com/bid/75431

reference_url

https://web.archive.org/web/20200228085830/https://puppet.com/security/cve/CVE-2015-3900

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228085830/https://puppet.com/security/cve/CVE-2015-3900

reference_url

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478

reference_url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900

reference_url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
reference_id
reference_type
scores
url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/

reference_url

http://www.securityfocus.com/bid/75431

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/75431

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1250109
reference_id	1250109
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1250109

fixed_packages

url pkg:gem/rubygems-update@2.0.17

purl pkg:gem/rubygems-update@2.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.0.17

url pkg:gem/rubygems-update@2.1.0.rc.1

purl pkg:gem/rubygems-update@2.1.0.rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.0.rc.1

url pkg:gem/rubygems-update@2.2.5

purl pkg:gem/rubygems-update@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.2.5

url pkg:gem/rubygems-update@2.4.8

purl pkg:gem/rubygems-update@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-77ah-j456-2yad

vulnerability	VCID-g795-ac5q-m7dg

vulnerability	VCID-gbas-fhvk-mkfh

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-qh71-t8pt-53b3

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-w2sf-by6z-a7fw

vulnerability	VCID-x7v6-eefc-wufc

vulnerability	VCID-yrnr-xz1e-b7aa

vulnerability	VCID-zjth-98ge-5fez

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.8

aliases CVE-2015-4020, GHSA-qv62-xfj6-32xm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmu8-f2a6-7qaj

url VCID-nufq-fk6b-pba6

vulnerability_id VCID-nufq-fk6b-pba6

summary Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

references

reference_url

http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4363.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4363.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4363

reference_id

reference_type

scores

value	0.00588
scoring_system	epss
scoring_elements	0.69612
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4363.yml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4363.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4363

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4363

reference_url

https://web.archive.org/web/20170331150441/https://puppet.com/security/cve/cve-2013-4363

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170331150441/https://puppet.com/security/cve/cve-2013-4363

reference_url

http://www.openwall.com/lists/oss-security/2013/09/14/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/09/14/3

reference_url

http://www.openwall.com/lists/oss-security/2013/09/18/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/09/18/8

reference_url

http://www.openwall.com/lists/oss-security/2013/09/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/09/20/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1009720
reference_id	1009720
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1009720

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722361
reference_id	722361
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722361

reference_url	https://puppet.com/security/cve/cve-2013-4363
reference_id	CVE-2013-4363
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-4363

fixed_packages

url pkg:gem/rubygems-update@1.8.23.2

purl pkg:gem/rubygems-update@1.8.23.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@1.8.23.2

url pkg:gem/rubygems-update@1.8.27

purl pkg:gem/rubygems-update@1.8.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@1.8.27

url pkg:gem/rubygems-update@2.0.10

purl pkg:gem/rubygems-update@2.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.0.10

url pkg:gem/rubygems-update@2.1.4

purl pkg:gem/rubygems-update@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.4

url pkg:gem/rubygems-update@2.1.5

purl pkg:gem/rubygems-update@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.5

aliases CVE-2013-4363, GHSA-9qvm-2vhf-q649

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nufq-fk6b-pba6

url VCID-qsgw-g8x9-vydg

vulnerability_id VCID-qsgw-g8x9-vydg

summary Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

references

reference_url

http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1427.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1427.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1523.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1523.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0207.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0207.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4287.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4287.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4287

reference_id

reference_type

scores

value	0.02017
scoring_system	epss
scoring_elements	0.84116
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4287

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287

reference_url	http://secunia.com/advisories/55381
reference_id
reference_type
scores
url	http://secunia.com/advisories/55381

reference_url

https://github.com/rubygems/rubygems/blob/03a074e8838683f45611b119fd8f363aa44fe2fd/CHANGELOG.md

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/blob/03a074e8838683f45611b119fd8f363aa44fe2fd/CHANGELOG.md

reference_url

https://github.com/rubygems/rubygems/commit/938a7e31ac73655845ab9045629ff3f580a125da

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/938a7e31ac73655845ab9045629ff3f580a125da

reference_url

https://github.com/rubygems/rubygems/commit/b697536f2455e8c8853cf5cf8a1017a36031ed67

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/b697536f2455e8c8853cf5cf8a1017a36031ed67

reference_url

https://github.com/rubygems/rubygems/commit/b9baec03145aed684d1cd3c87dcac3cc06becd9b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/b9baec03145aed684d1cd3c87dcac3cc06becd9b

reference_url

https://github.com/rubygems/rubygems/commit/ed733bc379d75620f5be4213f89d1d7b38be3191

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/ed733bc379d75620f5be4213f89d1d7b38be3191

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4287

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4287

reference_url

https://web.archive.org/web/20160806152839/https://puppet.com/security/cve/cve-2013-4287

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160806152839/https://puppet.com/security/cve/cve-2013-4287

reference_url

http://www.openwall.com/lists/oss-security/2013/09/10/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/09/10/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1002364
reference_id	1002364
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1002364

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722361
reference_id	722361
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722361

reference_url	https://puppet.com/security/cve/cve-2013-4287
reference_id	CVE-2013-4287
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-4287

reference_url	https://access.redhat.com/errata/RHSA-2013:1427
reference_id	RHSA-2013:1427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1427

reference_url	https://access.redhat.com/errata/RHSA-2013:1441
reference_id	RHSA-2013:1441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1441

reference_url	https://access.redhat.com/errata/RHSA-2013:1523
reference_id	RHSA-2013:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1523

reference_url	https://access.redhat.com/errata/RHSA-2013:1852
reference_id	RHSA-2013:1852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1852

reference_url	https://access.redhat.com/errata/RHSA-2014:0207
reference_id	RHSA-2014:0207
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0207

fixed_packages

url	pkg:gem/rubygems-update@1.8.23.1
purl	pkg:gem/rubygems-update@1.8.23.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@1.8.23.1

url pkg:gem/rubygems-update@1.8.26

purl pkg:gem/rubygems-update@1.8.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@1.8.26

url pkg:gem/rubygems-update@2.0.8

purl pkg:gem/rubygems-update@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.0.8

url pkg:gem/rubygems-update@2.1.0.rc.1

purl pkg:gem/rubygems-update@2.1.0.rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.0.rc.1

url pkg:gem/rubygems-update@2.1.0

purl pkg:gem/rubygems-update@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.0

url pkg:gem/rubygems-update@2.1.1

purl pkg:gem/rubygems-update@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.1.1

aliases CVE-2013-4287, GHSA-9j7m-rjqx-48vh, OSV-97163

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsgw-g8x9-vydg

url VCID-rvgn-6zh3-t7d3

vulnerability_id VCID-rvgn-6zh3-t7d3

summary

references

reference_url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0901

reference_id

reference_type

scores

value	0.20215
scoring_system	epss
scoring_elements	0.95646
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0901

reference_url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:N/I:C/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/3553-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3553-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249

reference_url	https://usn.ubuntu.com/3685-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3685-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249

reference_url

https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/42611

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/42611

reference_url	https://www.exploit-db.com/exploits/42611/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/42611/

reference_url	http://www.securityfocus.com/bid/100580
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100580

reference_url	http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039249

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1487587
reference_id	1487587
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1487587

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42611.txt
reference_id	CVE-2017-0901
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42611.txt

reference_url

https://hackerone.com/reports/243156

reference_id

CVE-2017-0901

reference_type

exploit

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/243156

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-0901

reference_id

CVE-2017-0901

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-0901

reference_url

https://github.com/advisories/GHSA-pm9x-4392-2c2p

reference_id

GHSA-pm9x-4392-2c2p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pm9x-4392-2c2p

reference_url

reference_id

GLSA-201710-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/3439-1/
reference_id	USN-3439-1
reference_type
scores
url	https://usn.ubuntu.com/3439-1/

fixed_packages

url pkg:gem/rubygems-update@2.6.13

purl pkg:gem/rubygems-update@2.6.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-416r-82kd-fqg8

vulnerability	VCID-evt7-qzp2-4yec

vulnerability	VCID-gew9-fbrh-9ue5

vulnerability	VCID-qxcb-1m7w-u7ct

vulnerability	VCID-rm3q-4vdp-pkhv

vulnerability	VCID-ww87-78hq-zuaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.6.13

aliases CVE-2017-0901, GHSA-pm9x-4392-2c2p

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvgn-6zh3-t7d3

url VCID-tdya-1b6n-v7e4

vulnerability_id VCID-tdya-1b6n-v7e4

summary RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2126

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2126.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2126.json

reference_url

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50945
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126

reference_url	http://secunia.com/advisories/55381
reference_id
reference_type
scores
url	http://secunia.com/advisories/55381

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/blob/1.8/History.txt

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/blob/1.8/History.txt

reference_url

https://github.com/rubygems/rubygems/commit/d4c7eafb8efe1e13a7abf5be5a5b4548870b15b7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/d4c7eafb8efe1e13a7abf5be5a5b4548870b15b7

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2126

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2126

reference_url

http://www.openwall.com/lists/oss-security/2012/04/20/24

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/04/20/24

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.ubuntu.com/usn/USN-1582-1/
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1582-1/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670228
reference_id	670228
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670228

reference_url

reference_id

814718

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://access.redhat.com/errata/RHSA-2013:1203
reference_id	RHSA-2013:1203
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1203

reference_url	https://access.redhat.com/errata/RHSA-2013:1441
reference_id	RHSA-2013:1441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1441

reference_url	https://access.redhat.com/errata/RHSA-2013:1852
reference_id	RHSA-2013:1852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1852

reference_url	https://usn.ubuntu.com/1582-1/
reference_id	USN-1582-1
reference_type
scores
url	https://usn.ubuntu.com/1582-1/

reference_url	https://usn.ubuntu.com/1583-1/
reference_id	USN-1583-1
reference_type
scores
url	https://usn.ubuntu.com/1583-1/

fixed_packages

url pkg:gem/rubygems-update@1.8.23

purl pkg:gem/rubygems-update@1.8.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j6uv-kbey-hqd1

vulnerability	VCID-j8bn-5tud-jkcm

vulnerability	VCID-kdyp-xe71-f7c2

vulnerability	VCID-mmu8-f2a6-7qaj

vulnerability	VCID-nufq-fk6b-pba6

vulnerability	VCID-qsgw-g8x9-vydg

vulnerability	VCID-rvgn-6zh3-t7d3

vulnerability	VCID-yrnr-xz1e-b7aa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@1.8.23

aliases CVE-2012-2126, GHSA-5mgj-mvv8-46mw, OSV-81444

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdya-1b6n-v7e4

url VCID-yrnr-xz1e-b7aa

vulnerability_id VCID-yrnr-xz1e-b7aa

summary

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0902

reference_id

reference_type

scores

value	0.04996
scoring_system	epss
scoring_elements	0.89928
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0902

reference_url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements

url

https://blog.rubygems.org/2017/08/27/2.6.13-released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:C/I:C/A:C

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32

reference_url

https://hackerone.com/reports/218088

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/218088

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/3553-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3553-1/

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/100586

reference_url	https://usn.ubuntu.com/3685-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3685-1/

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/100586

reference_url

https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/1039249

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-0902

reference_url	http://www.securityfocus.com/bid/100586
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100586

reference_url	http://www.securitytracker.com/id/1039249
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039249

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1487589
reference_id	1487589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1487589

reference_url

reference_id

CVE-2017-0902

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-0902

reference_url

https://github.com/advisories/GHSA-73w7-6w9g-gc8w

reference_id

GHSA-73w7-6w9g-gc8w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-73w7-6w9g-gc8w

reference_url

reference_id

GLSA-201710-01

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url