{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10741?format=json","vulnerability_id":"VCID-t78a-dw4s-vqf5","summary":"Path Traversal\nA Directory Traversal issue was discovered in RubyGems. Before making new directories or touching files (which now include path-checking code for symlinks), RubyGems would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run with sudo, and how predictable paths are on modern systems (`/tmp`, `/usr`, etc.), this could likely lead to data loss or an unusable system.","aliases":[{"alias":"CVE-2019-8320"},{"alias":"GHSA-5x32-c9mf-49cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/485154?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=aarch64&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=aarch64&distroversion=v3.7&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/485155?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=armhf&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=armhf&distroversion=v3.7&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/485156?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=ppc64le&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/485157?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=s390x&distroversion=v3.7&reponame=main","is_vulnerable":false,"affecte
d_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=s390x&distroversion=v3.7&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/563799?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=aarch64&distroversion=v3.6&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=aarch64&distroversion=v3.6&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/563800?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=armhf&distroversion=v3.6&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=armhf&distroversion=v3.6&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/563801?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=ppc64le&distroversion=v3.6&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=ppc64le&distroversion=v3.6&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/563802?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=s390x&distroversion=v3.6&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=s390x&distroversion=v3.6&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/563803?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=x86&distroversion=v3.6&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=x86&distroversion=v3.6&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/485158?format=json","purl":"pkg:apk/alpine/ruby@2.4.
6-r0?arch=x86&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=x86&distroversion=v3.7&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/485159?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=x86_64&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=x86_64&distroversion=v3.7&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/563804?format=json","purl":"pkg:apk/alpine/ruby@2.4.6-r0?arch=x86_64&distroversion=v3.6&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.6-r0%3Farch=x86_64&distroversion=v3.6&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/437892?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=aarch64&distroversion=v3.8&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=aarch64&distroversion=v3.8&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/437893?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=armhf&distroversion=v3.8&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=armhf&distroversion=v3.8&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/437894?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=ppc64le&distroversion=v3.8&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=ppc64le&distroversion=v3.8&reponame=main"},{"url":"http://public2
.vulnerablecode.io/api/packages/437895?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=s390x&distroversion=v3.8&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=s390x&distroversion=v3.8&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/437896?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=x86&distroversion=v3.8&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=x86&distroversion=v3.8&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/437897?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=x86_64&distroversion=v3.8&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=x86_64&distroversion=v3.8&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529173?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=armhf&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=armhf&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529174?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=armv7&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=armv7&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529175?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=ppc64le&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5
.5-r0%3Farch=ppc64le&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529172?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=aarch64&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=aarch64&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529176?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=s390x&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=s390x&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529177?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=x86&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=x86&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/529178?format=json","purl":"pkg:apk/alpine/ruby@2.5.5-r0?arch=x86_64&distroversion=v3.9&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.5.5-r0%3Farch=x86_64&distroversion=v3.9&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/926002?format=json","purl":"pkg:deb/debian/jruby@9.1.17.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jruby@9.1.17.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925992?format=json","purl":"pkg:deb/debian/jruby@9.3.9.0%2Bds-8?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9x9w-2k98-wydm"},{"vulnerability":"VCID-uxdx-abx7-fkdy"}],
"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jruby@9.3.9.0%252Bds-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925994?format=json","purl":"pkg:deb/debian/jruby@9.4.8.0%2Bds-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jruby@9.4.8.0%252Bds-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938504?format=json","purl":"pkg:deb/debian/rubygems@3.2.0~rc.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.2.0~rc.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938502?format=json","purl":"pkg:deb/debian/rubygems@3.2.5-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dy2a-n93k-yfgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.2.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1050745?format=json","purl":"pkg:deb/debian/rubygems@3.2.5-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dy2a-n93k-yfgd"},{"vulnerability":"VCID-n1ja-n53g-fycm"},{"vulnerability":"VCID-uxdx-abx7-fkdy"},{"vulnerability":"VCID-xbrw-47yv-wqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.2.5-2"},{"url":"http://public2.vulnerablecode.io/api/packages/938500?format=json","purl":"pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938503?format=json","purl":"pkg:deb/debian/rubygems@3.6.7-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.
vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.6.7-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/79191?format=json","purl":"pkg:gem/rubygems-update@2.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/37075?format=json","purl":"pkg:gem/rubygems-update@3.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.3"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050744?format=json","purl":"pkg:deb/debian/rubygems@1.8.24-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d7n-bfhu-dkfd"},{"vulnerability":"VCID-8hm4-c4w4-gfen"},{"vulnerability":"VCID-9t45-d5mf-3uar"},{"vulnerability":"VCID-af1f-xwwy-jfa8"},{"vulnerability":"VCID-b36p-re17-n7dq"},{"vulnerability":"VCID-cde2-rv4n-tkau"},{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-jmzh-89dm-r7g2"},{"vulnerability":"VCID-k2ga-fgvp-5qc7"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-mamm-cvdr-subf"},{"vulnerability":"VCID-n1ja-n53g-fycm"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-tq93-h2ag-s3bx"},{"vulnerability":"VCID-ucdh-7fgy-33h8"},{"vulnerability":"VCID-uxdx-abx7-fkdy"},{"vulnerability":"VCID-w4ns-f42m-pyec"},{"vulnerability":"VCID-xbrw-47yv-wqcr"},{"vulnerability":"VCID-xgmc-a5rk-zqag"},{"vulnerability":"VCID-xgsa-5umz-qffr"},{"vulnerability":"VCID-xz68-vwz2-2ke4"}],"resource_url":"http://public2.vulnerablecode.io/packages/p
kg:deb/debian/rubygems@1.8.24-1"},{"url":"http://public2.vulnerablecode.io/api/packages/37073?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/189268?format=json","purl":"pkg:gem/rubygems-update@2.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/189269?format=json","purl":"pkg:gem/rubygems-update@2.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.8"},{"url":"http://public2.vulnerablecode.io/api/packages/79191?format=json","purl":"pkg:gem/rubygems-update@2.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems
-update@2.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/131012?format=json","purl":"pkg:gem/rubygems-update@2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/142114?format=json","purl":"pkg:gem/rubygems-update@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/189270?format=json","purl":"pkg:gem/rubygems-update@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/37074?format=json","purl":"pkg:gem/rubygems-update@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@3.0.2"},{"url
":"http://public2.vulnerablecode.io/api/packages/106713?format=json","purl":"pkg:rpm/redhat/cfme@5.10.5.1-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.10.5.1-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/106716?format=json","purl":"pkg:rpm/redhat/cfme-amazon-smartstate@5.10.5.1-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-amazon-smartstate@5.10.5.1-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/106717?format=json","purl":"pkg:rpm/redhat/cfme-appliance@5.10.5.1-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-appliance@5.10.5.1-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/106714?format=json","purl":"pkg:rpm/redhat/cfme-gemset@5.10.5.1-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"}
,{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.10.5.1-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/106720?format=json","purl":"pkg:rpm/redhat/rh-ruby24-ruby@2.4.6-92?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby24-ruby@2.4.6-92%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/106718?format=json","purl":"pkg:rpm/redhat/rh-ruby24-ruby@2.4.6-92?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby24-ruby@2.4.6-92%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/106719?format=json","purl":"pkg:rpm/redhat/rh-ruby25-ruby@2.5.5-7?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby25-ruby@2.5.5-7%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/106715?format=json","purl":"pkg:rpm/redhat/ruby@2.4.6-91?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7x5-hz5f-hyd3"},{"vulnerability":"VCID-ha3g-uyse
-wybx"},{"vulnerability":"VCID-jkwe-c323-3yez"},{"vulnerability":"VCID-ky5r-bch5-m7dv"},{"vulnerability":"VCID-t78a-dw4s-vqf5"},{"vulnerability":"VCID-xgmc-a5rk-zqag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@2.4.6-91%3Farch=el7cf"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1429","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1429"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8320.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8320.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8320","reference_id":"","reference_type":"","scores":[{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91057","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90939","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.9095","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_
elements":"0.90965","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.9099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90988","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91002","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90997","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91011","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91026","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.9104","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91039","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.91047","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90914","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90919","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06309","scoring_system":"epss","scoring_elements":"0.90929","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8320"},{"reference_url":"https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","s
coring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"re
ference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8320.yml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8320.yml"},{"reference_url":"https://hackerone.com/reports/317321","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/317321"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1692512","reference_id":"1692512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1692512"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987","reference_id":"925987","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925987"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8320","reference_id":"CVE-2019-8320","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8320"},{"reference_url":"https://github.com/advisories/GHSA-5x32-c9mf-49cc"
,"reference_id":"GHSA-5x32-c9mf-49cc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5x32-c9mf-49cc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1148","reference_id":"RHSA-2019:1148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1150","reference_id":"RHSA-2019:1150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1150"},{"reference_url":"https://usn.ubuntu.com/3945-1/","reference_id":"USN-3945-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3945-1/"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t78a-dw4s-vqf5"}