{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39479?format=json","vulnerability_id":"VCID-qrbv-et5k-wkdk","summary":"Path Traversal\nRubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root.","aliases":[{"alias":"CVE-2018-1000073"},{"alias":"GHSA-gx69-6cp4-hxrj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100147?format=json","purl":"pkg:deb/debian/jruby@9.1.17.0-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jruby@9.1.17.0-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100135?format=json","purl":"pkg:deb/debian/jruby@9.3.9.0%2Bds-8?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cran-uhew-auat"},{"vulnerability":"VCID-v5r6-nhe3-87dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jruby@9.3.9.0%252Bds-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100137?format=json","purl":"pkg:deb/debian/jruby@9.4.8.0%2Bds-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jruby@9.4.8.0%252Bds-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/127782?format=json","purl":"pkg:deb/debian/rubygems@3.2.0~rc.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.2.0~rc.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/127779?format=json","purl":"pkg:deb/debian/rubygems@3.2.5-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zz3m-f23k-6kec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.2.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/127776?format=json","purl":"pkg:deb/debian/rubygems@3.3.15-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.3.15-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/127780?format=json","purl":"pkg:deb/debian/rubygems@3.6.7-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rubygems@3.6.7-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/55156?format=json","purl":"pkg:gem/rubygems-update@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-nd17-pxzx-nyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/58171?format=json","purl":"pkg:gem/rubygems-update@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ab1-3xjd-aqbp"},{"vulnerability":"VCID-e9b5-m5x2-z3fb"},{"vulnerability":"VCID-hyvx-ab9s-uyby"},{"vulnerability":"VCID-k7u9-hhnh-m7f5"},{"vulnerability":"VCID-kxbg-rg3f-ruad"},{"vulnerability":"VCID-rpe2-d8ht-u3ht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/62450?format=json","purl":"pkg:maven/org.jruby/jruby-stdlib@9.1.16.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jruby/jruby-stdlib@9.1.16.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/159766?format=json","purl":"pkg:gem/rubygems-update@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/159767?format=json","purl":"pkg:gem/rubygems-update@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/159768?format=json","purl":"pkg:gem/rubygems-update@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/159769?format=json","purl":"pkg:gem/rubygems-update@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/159770?format=json","purl":"pkg:gem/rubygems-update@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/159771?format=json","purl":"pkg:gem/rubygems-update@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/159772?format=json","purl":"pkg:gem/rubygems-update@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/159773?format=json","purl":"pkg:gem/rubygems-update@2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-c9w3-xh7j-57bq"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52312?format=json","purl":"pkg:gem/rubygems-update@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-t8p2-dj3e-r7gt"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/52358?format=json","purl":"pkg:gem/rubygems-update@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/55155?format=json","purl":"pkg:gem/rubygems-update@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-68hc-d8u1-yye5"},{"vulnerability":"VCID-bb6n-nq7v-8qex"},{"vulnerability":"VCID-br82-gd5d-pqew"},{"vulnerability":"VCID-c7rs-vbjr-nyfz"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-nd17-pxzx-nyba"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rubygems-update@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/146618?format=json","purl":"pkg:rpm/redhat/rh-ruby23-ruby@2.3.8-69?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-361p-4hj9-q7hh"},{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5g8n-wc8m-1kbe"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-buqt-chxx-nqf9"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-gvp7-3hy2-3bbp"},{"vulnerability":"VCID-hmb2-yyf8-7ff4"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-kj49-ndfe-vqfc"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby23-ruby@2.3.8-69%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146621?format=json","purl":"pkg:rpm/redhat/rh-ruby23-ruby@2.3.8-69?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-361p-4hj9-q7hh"},{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5g8n-wc8m-1kbe"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-buqt-chxx-nqf9"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-gvp7-3hy2-3bbp"},{"vulnerability":"VCID-hmb2-yyf8-7ff4"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-kj49-ndfe-vqfc"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby23-ruby@2.3.8-69%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146622?format=json","purl":"pkg:rpm/redhat/rh-ruby24-ruby@2.4.5-91?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-361p-4hj9-q7hh"},{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5g8n-wc8m-1kbe"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-buqt-chxx-nqf9"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-gvp7-3hy2-3bbp"},{"vulnerability":"VCID-hmb2-yyf8-7ff4"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-kj49-ndfe-vqfc"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby24-ruby@2.4.5-91%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146624?format=json","purl":"pkg:rpm/redhat/rh-ruby24-ruby@2.4.5-91?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-361p-4hj9-q7hh"},{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5g8n-wc8m-1kbe"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-buqt-chxx-nqf9"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-gvp7-3hy2-3bbp"},{"vulnerability":"VCID-hmb2-yyf8-7ff4"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-kj49-ndfe-vqfc"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby24-ruby@2.4.5-91%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146620?format=json","purl":"pkg:rpm/redhat/rh-ruby25-ruby@2.5.3-6?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-361p-4hj9-q7hh"},{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5g8n-wc8m-1kbe"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-buqt-chxx-nqf9"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-gvp7-3hy2-3bbp"},{"vulnerability":"VCID-hmb2-yyf8-7ff4"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-kj49-ndfe-vqfc"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby25-ruby@2.5.3-6%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/150175?format=json","purl":"pkg:rpm/redhat/ruby@2.0.0.648-35?arch=el7_5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@2.0.0.648-35%3Farch=el7_5"},{"url":"http://public2.vulnerablecode.io/api/packages/150176?format=json","purl":"pkg:rpm/redhat/ruby@2.0.0.648-35?arch=el7_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@2.0.0.648-35%3Farch=el7_4"},{"url":"http://public2.vulnerablecode.io/api/packages/146627?format=json","purl":"pkg:rpm/redhat/ruby@2.0.0.648-36?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-361p-4hj9-q7hh"},{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5g8n-wc8m-1kbe"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-buqt-chxx-nqf9"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-gvp7-3hy2-3bbp"},{"vulnerability":"VCID-hmb2-yyf8-7ff4"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@2.0.0.648-36%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/150179?format=json","purl":"pkg:rpm/redhat/ruby@2.0.0.648-36?arch=el7_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bue-qvm7-2fby"},{"vulnerability":"VCID-5n7x-6wez-myfx"},{"vulnerability":"VCID-e7rv-fv84-jygh"},{"vulnerability":"VCID-k6gg-djg6-kbh5"},{"vulnerability":"VCID-mes6-r6ra-7yaj"},{"vulnerability":"VCID-qrbv-et5k-wkdk"},{"vulnerability":"VCID-xqpw-9uap-kugb"},{"vulnerability":"VCID-yxa4-p6gs-7bgr"},{"vulnerability":"VCID-zzey-wstd-p7e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@2.0.0.648-36%3Farch=el7_6"}],"references":[{"reference_url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3730","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3731","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2028","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0542","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0663"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000073.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000073","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77954","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000073"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986"},{"reference_url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"},{"reference_url":"https://github.com/rubygems/rubygems","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems"},{"reference_url":"https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2"},{"reference_url":"https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"},{"reference_url":"https://usn.ubuntu.com/3621-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3621-1"},{"reference_url":"https://usn.ubuntu.com/3621-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3621-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4219","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4219"},{"reference_url":"https://www.debian.org/security/2018/dsa-4259","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547418","reference_id":"1547418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000073","reference_id":"CVE-2018-1000073","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000073"},{"reference_url":"https://github.com/advisories/GHSA-gx69-6cp4-hxrj","reference_id":"GHSA-gx69-6cp4-hxrj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gx69-6cp4-hxrj"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":59,"name":"Improper Link Resolution Before File Access ('Link Following')","description":"The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":352,"name":"Cross-Site Request Forgery (CSRF)","description":"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request."},{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."}],"exploits":[],"severity_range_score":"5.5 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrbv-et5k-wkdk"}