{"url":"http://public2.vulnerablecode.io/api/packages/521600?format=json","purl":"pkg:apk/alpine/ruby@2.6.5-r0?arch=aarch64&distroversion=v3.18&reponame=main","type":"apk","namespace":"alpine","name":"ruby","version":"2.6.5-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.18","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.6.6-r0","latest_non_vulnerable_version":"3.2.4-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36467?format=json","vulnerability_id":"VCID-5fqj-uwnz-93af","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15845","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55186","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55187","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55248","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55228","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55251","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55231","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789407","reference_id":"1789407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789407"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/521600?format=json","purl":"pkg:apk/alpine/ruby@2.6.5-r0?arch=aarch64&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.6.5-r0%3Farch=aarch64&distroversion=v3.18&reponame=main"}],"aliases":["CVE-2019-15845"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fqj-uwnz-93af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36471?format=json","vulnerability_id":"VCID-f6d8-e8tp-c3am","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16255","reference_id":"","reference_type":"","scores":[{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78518","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78595","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78623","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78538","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78564","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.7857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78567","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16255","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16255"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793683","reference_id":"1793683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793683"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/521600?format=json","purl":"pkg:apk/alpine/ruby@2.6.5-r0?arch=aarch64&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.6.5-r0%3Farch=aarch64&distroversion=v3.18&reponame=main"}],"aliases":["CVE-2019-16255","GHSA-ph7w-p94x-9vvw"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d8-e8tp-c3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36468?format=json","vulnerability_id":"VCID-kp26-vpgn-k7az","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16201","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69541","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6969","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69568","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69547","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69615","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69622","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69648","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69656","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1773728","reference_id":"1773728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1773728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/521600?format=json","purl":"pkg:apk/alpine/ruby@2.6.5-r0?arch=aarch64&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.6.5-r0%3Farch=aarch64&distroversion=v3.18&reponame=main"}],"aliases":["CVE-2019-16201"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kp26-vpgn-k7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36469?format=json","vulnerability_id":"VCID-y56y-5am7-wkhr","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72109","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72232","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72241","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72115","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72196","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556","reference_id":"1789556","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/521600?format=json","purl":"pkg:apk/alpine/ruby@2.6.5-r0?arch=aarch64&distroversion=v3.18&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.6.5-r0%3Farch=aarch64&distroversion=v3.18&reponame=main"}],"aliases":["CVE-2019-16254","GHSA-w9fp-2996-hhwx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y56y-5am7-wkhr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.6.5-r0%3Farch=aarch64&distroversion=v3.18&reponame=main"}