Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5mfh-yzfk-cqaa

Summary

StringIO buffer overread vulnerability
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.

The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value.

This vulnerability is not affected StringIO 3.0.3 and later, and Ruby 3.2.x and later.

We recommend to update the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead:

* For Ruby 3.0 users: Update to `stringio` 3.0.1.1
* For Ruby 3.1 users: Update to `stringio` 3.1.0.2

You can use `gem update stringio` to update it. If you are using bundler, please add `gem "stringio", ">= 3.0.1.2"` to your `Gemfile`.

Aliases

alias	CVE-2024-27280

alias	GHSA-v5h6-c2hv-hv3r

Fixed_packages

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=aarch64&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=aarch64&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=aarch64&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=armhf&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=armhf&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=armhf&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=armv7&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=armv7&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=armv7&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=aarch64&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=aarch64&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=aarch64&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=armhf&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=armhf&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=armhf&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=armv7&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=armv7&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=armv7&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=s390x&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=s390x&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=s390x&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=ppc64le&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=ppc64le&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=ppc64le&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=s390x&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=s390x&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=s390x&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=x86&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86_64&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86_64&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=x86_64&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=ppc64le&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=ppc64le&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=ppc64le&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=x86&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86_64&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/ruby@3.1.5-r0?arch=x86_64&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.1.5-r0%3Farch=x86_64&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=aarch64&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=aarch64&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=aarch64&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=armhf&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=armhf&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=armhf&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=armv7&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=armv7&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=ppc64le&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=ppc64le&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=ppc64le&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=s390x&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=s390x&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=s390x&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86_64&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86_64&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=x86_64&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=x86&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86_64&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86_64&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=x86_64&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=aarch64&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=aarch64&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=aarch64&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=armhf&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=armhf&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=armhf&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=armv7&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=armv7&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=ppc64le&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=ppc64le&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=ppc64le&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=s390x&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=s390x&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=s390x&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/ruby@3.2.4-r0?arch=x86&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.2.4-r0%3Farch=x86&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armhf&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armv7&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armhf&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armv7&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=s390x&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=ppc64le&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=riscv64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86_64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=aarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armhf&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=ppc64le&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armv7&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86_64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=aarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armhf&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=s390x&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armv7&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=loongarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=riscv64&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=s390x&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86_64&distroversion=edge&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=aarch64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=aarch64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=armhf&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=armhf&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=ppc64le&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=ppc64le&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=riscv64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=s390x&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=s390x&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/ruby@3.3.1-r0?arch=x86_64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.3.1-r0%3Farch=x86_64&distroversion=v3.20&reponame=main

url	pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
purl	pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@2.7.4-1%252Bdeb11u1%3Fdistro=bullseye

url	pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u2?distro=bullseye
purl	pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@2.7.4-1%252Bdeb11u2%3Fdistro=bullseye

url	pkg:deb/debian/ruby3.1@3.1.2-7%2Bdeb12u1?distro=bookworm
purl	pkg:deb/debian/ruby3.1@3.1.2-7%2Bdeb12u1?distro=bookworm
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.1@3.1.2-7%252Bdeb12u1%3Fdistro=bookworm

url	pkg:gem/stringio@3.0.1.1
purl	pkg:gem/stringio@3.0.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/stringio@3.0.1.1

Affected_packages

url pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1

purl pkg:deb/debian/ruby2.7@2.7.4-1%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sv2-6snv-2bd3

vulnerability	VCID-5mfh-yzfk-cqaa

vulnerability	VCID-9g2w-sc9w-eyce

vulnerability	VCID-9x9w-2k98-wydm

vulnerability	VCID-ajtx-8w3u-rkae

vulnerability	VCID-c5xq-bv4t-73ff

vulnerability	VCID-exq5-cnrm-3uhd

vulnerability	VCID-h4mf-99f4-9bdw

vulnerability	VCID-jdtw-bn8z-e3b6

vulnerability	VCID-m4a8-ya4v-tkgm

vulnerability	VCID-m6hy-vnf9-hyfe

vulnerability	VCID-msc8-xjz2-2kb4

vulnerability	VCID-n1ja-n53g-fycm

vulnerability	VCID-qu1w-yd76-t7c1

vulnerability	VCID-uxdx-abx7-fkdy

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-yj1t-rga1-x3ev

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby2.7@2.7.4-1%252Bdeb11u1

url pkg:gem/stringio@0.0.1

purl pkg:gem/stringio@0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@0.0.1

url pkg:gem/stringio@0.0.2

purl pkg:gem/stringio@0.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@0.0.2

url pkg:gem/stringio@0.1.0

purl pkg:gem/stringio@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@0.1.0

url pkg:gem/stringio@0.1.3

purl pkg:gem/stringio@0.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@0.1.3

url pkg:gem/stringio@0.1.4

purl pkg:gem/stringio@0.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@0.1.4

url pkg:gem/stringio@3.0.0

purl pkg:gem/stringio@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@3.0.0

url pkg:gem/stringio@3.0.1

purl pkg:gem/stringio@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/stringio@3.0.1

url pkg:rpm/redhat/ruby@3.0.7-162?arch=el9_4

purl pkg:rpm/redhat/ruby@3.0.7-162?arch=el9_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mfh-yzfk-cqaa

vulnerability	VCID-9g2w-sc9w-eyce

vulnerability	VCID-9x9w-2k98-wydm

vulnerability	VCID-m4a8-ya4v-tkgm

vulnerability	VCID-uxdx-abx7-fkdy

vulnerability	VCID-x126-x9qm-e7d3

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@3.0.7-162%3Farch=el9_4

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27280.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27280.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27280

reference_id

reference_type

scores

value	0.06546
scoring_system	epss
scoring_elements	0.91229
published_at	2026-05-14T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91217
published_at	2026-05-12T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91208
published_at	2026-05-11T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91209
published_at	2026-05-09T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91198
published_at	2026-05-07T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.9118
published_at	2026-05-05T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91168
published_at	2026-04-29T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91172
published_at	2026-04-26T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.91174
published_at	2026-04-24T12:55:00Z

value	0.06546
scoring_system	epss
scoring_elements	0.9116
published_at	2026-04-21T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91524
published_at	2026-04-18T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91529
published_at	2026-04-16T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91508
published_at	2026-04-12T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91506
published_at	2026-04-13T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91501
published_at	2026-04-09T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91495
published_at	2026-04-08T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91482
published_at	2026-04-07T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91473
published_at	2026-04-04T12:55:00Z

value	0.0706
scoring_system	epss
scoring_elements	0.91467
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27280

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27280
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27280

reference_url

http://seclists.org/fulldisclosure/2025/Sep/53

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2025/Sep/53

reference_url

http://seclists.org/fulldisclosure/2025/Sep/54

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2025/Sep/54

reference_url

http://seclists.org/fulldisclosure/2025/Sep/55

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2025/Sep/55

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/stringio/CVE-2024-27280.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/stringio/CVE-2024-27280.yml

reference_url

https://github.com/ruby/stringio

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/stringio

reference_url

https://github.com/ruby/stringio/commit/0e596524097706263d10900ca180898e4a8f5233

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/stringio/commit/0e596524097706263d10900ca180898e4a8f5233

reference_url

https://github.com/ruby/stringio/commit/c58c5f54f1eab99665ea6a161d29ff6a7490afc8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/stringio/commit/c58c5f54f1eab99665ea6a161d29ff6a7490afc8

reference_url

https://hackerone.com/reports/1399856

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:08:05Z/

url

https://hackerone.com/reports/1399856

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-27280

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-27280

reference_url

https://security.netapp.com/advisory/ntap-20250502-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250502-0003

reference_url

https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280

reference_url

https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:08:05Z/

url

https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069966
reference_id	1069966
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069966

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270750
reference_id	2270750
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270750

reference_url

https://github.com/advisories/GHSA-v5h6-c2hv-hv3r

reference_id

GHSA-v5h6-c2hv-hv3r

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v5h6-c2hv-hv3r

reference_url	https://access.redhat.com/errata/RHSA-2024:3500
reference_id	RHSA-2024:3500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3500

reference_url	https://access.redhat.com/errata/RHSA-2024:3546
reference_id	RHSA-2024:3546
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3546

reference_url	https://access.redhat.com/errata/RHSA-2024:3668
reference_id	RHSA-2024:3668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3668

reference_url	https://access.redhat.com/errata/RHSA-2024:3670
reference_id	RHSA-2024:3670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3670

reference_url	https://access.redhat.com/errata/RHSA-2024:3671
reference_id	RHSA-2024:3671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3671

reference_url	https://access.redhat.com/errata/RHSA-2024:3838
reference_id	RHSA-2024:3838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3838

reference_url	https://access.redhat.com/errata/RHSA-2024:4499
reference_id	RHSA-2024:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4499

reference_url	https://usn.ubuntu.com/6853-1/
reference_id	USN-6853-1
reference_type
scores
url	https://usn.ubuntu.com/6853-1/

reference_url	https://usn.ubuntu.com/7734-1/
reference_id	USN-7734-1
reference_type
scores
url	https://usn.ubuntu.com/7734-1/

Weaknesses

cwe_id	120
name	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
description	The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

cwe_id	126
name	Buffer Over-read
description	The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 3.1 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mfh-yzfk-cqaa

Vulnerability Instance