[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-4492":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":53,"duplicate_of":9,"upstream":54,"downstream":55,"duplicates":60,"related":61,"reserved_at":9,"published_at":62,"modified_at":63,"state":64,"summary":65,"references_raw":72,"kevs":124,"epss":125,"epss_history":128,"metrics":378,"affected":383},"CVE-2009-4492","WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[19,28,33,38],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_6B37BF902816F921","Exploit Reference (ush.it)","reference","http://www.ush.it/team/ush/hack_httpd_escape/adv.txt","unknown",0.2,false,[],{"_key":29,"name":30,"source":22,"url":31,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_BCB3948467C42440","Exploit Reference (securityfocus.com)","http://www.securityfocus.com/bid/37710",[],{"_key":34,"name":35,"source":22,"url":36,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":37,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_55A0860CB26899A5","Exploit Reference (securitytracker.com)","http://securitytracker.com/id?1023429",[],{"_key":39,"name":40,"source":41,"url":42,"maturity":43,"reliability_score":44,"verified":45,"type":46,"platforms":47,"requires_auth":9,"exploitdb":49,"metasploit":9},"33489","Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection","exploit-database","https://www.exploit-db.com/exploits/33489","weaponized",0.8,true,"remote",[48],"multiple",{"verified":45,"type":46,"platform":48,"file":50,"codes":51},"exploits/multiple/remote/33489.txt",[7,52],"OSVDB-61774",[],[],[56,58],{"_key":57},"RHSA-2011:0908",{"_key":59},"RHSA-2011:0909",[],[],"2010-01-13T20:00:00.000Z","2024-08-07T07:01:20.327Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":66,"epss_score":67,"severity":66,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":64},"high",0.21101,7.5,"v2.0","nvd","AV:N/AC:L/Au:N/C:P/I:P/A:P",[73,81,87,93,100,104,110,114,120],{"url":74,"sources":75,"tags":77},"http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection",[76,70],"cve.org",[78,79,80],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":82,"sources":83,"tags":84},"http://www.redhat.com/support/errata/RHSA-2011-0909.html",[76,70],[80,85,86],"X Refsource REDHAT","Third Party Advisory",{"url":88,"sources":89,"tags":90},"http://secunia.com/advisories/37949",[76,70],[86,91,92,80],"X Refsource SECUNIA","Not Applicable",{"url":94,"sources":95,"tags":96},"http://www.vupen.com/english/advisories/2010/0089",[76,70],[97,98,99],"VDB Entry","X Refsource VUPEN","Permissions Required",{"url":101,"sources":102,"tags":103},"http://www.redhat.com/support/errata/RHSA-2011-0908.html",[76,70],[80,85,86],{"url":23,"sources":105,"tags":106},[76,70],[107,108,109],"X Refsource MISC","Broken Link","Exploit",{"url":31,"sources":111,"tags":112},[76,70],[97,113,108,109,86],"X Refsource BID",{"url":115,"sources":116,"tags":117},"http://www.securityfocus.com/archive/1/508830/100/0/threaded",[76,70],[118,119,108,86,97],"Mailing List","X Refsource BUGTRAQ",{"url":36,"sources":121,"tags":122},[76,70],[97,123,108,109,86],"X Refsource SECTRACK",[],{"date":126,"score":67,"percentile":127},"2026-06-04",0.95763,[129,133,136,139,142,145,148,150,153,156,159,162,165,167,169,172,175,178,181,184,187,190,193,196,198,201,204,208,211,213,215,218,220,223,226,229,232,235,238,241,243,246,249,252,255,258,261,264,267,269,272,275,278,281,285,288,291,293,295,298,301,304,306,309,311,313,315,317,319,322,325,327,329,331,334,336,338,340,342,345,348,351,354,357,360,362,365,369,372,375],{"date":130,"score":131,"percentile":132},"2025-11-04",0.10657,0.92957,{"date":134,"score":131,"percentile":135},"2025-11-05",0.92958,{"date":137,"score":131,"percentile":138},"2025-11-06",0.92959,{"date":140,"score":131,"percentile":141},"2025-11-07",0.92964,{"date":143,"score":131,"percentile":144},"2025-11-08",0.92965,{"date":146,"score":131,"percentile":147},"2025-11-09",0.92963,{"date":149,"score":131,"percentile":141},"2025-11-10",{"date":151,"score":131,"percentile":152},"2025-11-11",0.92969,{"date":154,"score":131,"percentile":155},"2025-11-12",0.92976,{"date":157,"score":131,"percentile":158},"2025-11-13",0.92979,{"date":160,"score":131,"percentile":161},"2025-11-14",0.92982,{"date":163,"score":131,"percentile":164},"2025-11-15",0.92977,{"date":166,"score":131,"percentile":161},"2025-11-16",{"date":168,"score":131,"percentile":158},"2025-11-17",{"date":170,"score":131,"percentile":171},"2025-11-18",0.92547,{"date":173,"score":131,"percentile":174},"2025-11-19",0.9255,{"date":176,"score":131,"percentile":177},"2025-11-20",0.92555,{"date":179,"score":131,"percentile":180},"2025-11-21",0.92996,{"date":182,"score":131,"percentile":183},"2025-11-22",0.92994,{"date":185,"score":131,"percentile":186},"2025-11-23",0.92998,{"date":188,"score":131,"percentile":189},"2025-11-24",0.92999,{"date":191,"score":131,"percentile":192},"2025-11-25",0.93001,{"date":194,"score":131,"percentile":195},"2025-11-26",0.93,{"date":197,"score":131,"percentile":189},"2025-11-27",{"date":199,"score":131,"percentile":200},"2025-11-28",0.92993,{"date":202,"score":131,"percentile":203},"2025-11-29",0.93007,{"date":205,"score":206,"percentile":207},"2025-11-30",0.16086,0.94524,{"date":209,"score":206,"percentile":210},"2025-12-01",0.94571,{"date":212,"score":206,"percentile":210},"2025-12-02",{"date":214,"score":206,"percentile":210},"2025-12-03",{"date":216,"score":206,"percentile":217},"2025-12-04",0.94521,{"date":219,"score":206,"percentile":207},"2025-12-05",{"date":221,"score":206,"percentile":222},"2025-12-06",0.94523,{"date":224,"score":206,"percentile":225},"2025-12-07",0.94529,{"date":227,"score":206,"percentile":228},"2025-12-08",0.9453,{"date":230,"score":206,"percentile":231},"2025-12-09",0.94534,{"date":233,"score":206,"percentile":234},"2025-12-10",0.9454,{"date":236,"score":206,"percentile":237},"2025-12-11",0.94543,{"date":239,"score":206,"percentile":240},"2025-12-12",0.94546,{"date":242,"score":206,"percentile":240},"2025-12-13",{"date":244,"score":206,"percentile":245},"2025-12-14",0.94544,{"date":247,"score":206,"percentile":248},"2025-12-15",0.94549,{"date":250,"score":206,"percentile":251},"2025-12-16",0.94552,{"date":253,"score":206,"percentile":254},"2025-12-17",0.94554,{"date":256,"score":206,"percentile":257},"2025-12-18",0.94557,{"date":259,"score":206,"percentile":260},"2025-12-19",0.94558,{"date":262,"score":206,"percentile":263},"2025-12-20",0.94559,{"date":265,"score":206,"percentile":266},"2025-12-21",0.94561,{"date":268,"score":206,"percentile":266},"2025-12-22",{"date":270,"score":206,"percentile":271},"2025-12-23",0.9456,{"date":273,"score":206,"percentile":274},"2025-12-24",0.94567,{"date":276,"score":206,"percentile":277},"2025-12-25",0.94575,{"date":279,"score":206,"percentile":280},"2025-12-26",0.94574,{"date":282,"score":283,"percentile":284},"2025-12-27",0.2327,0.95785,{"date":286,"score":206,"percentile":287},"2025-12-28",0.94569,{"date":289,"score":206,"percentile":290},"2025-12-29",0.9457,{"date":292,"score":206,"percentile":210},"2025-12-30",{"date":294,"score":206,"percentile":277},"2025-12-31",{"date":296,"score":206,"percentile":297},"2026-01-01",0.9462,{"date":299,"score":206,"percentile":300},"2026-01-02",0.94614,{"date":302,"score":206,"percentile":303},"2026-01-03",0.94611,{"date":305,"score":206,"percentile":290},"2026-01-04",{"date":307,"score":206,"percentile":308},"2026-01-05",0.94565,{"date":310,"score":206,"percentile":308},"2026-01-06",{"date":312,"score":206,"percentile":308},"2026-01-07",{"date":314,"score":206,"percentile":290},"2026-01-08",{"date":316,"score":206,"percentile":210},"2026-01-09",{"date":318,"score":206,"percentile":290},"2026-01-10",{"date":320,"score":206,"percentile":321},"2026-01-11",0.94568,{"date":323,"score":206,"percentile":324},"2026-01-12",0.94566,{"date":326,"score":206,"percentile":324},"2026-01-13",{"date":328,"score":206,"percentile":290},"2026-01-14",{"date":330,"score":206,"percentile":290},"2026-01-15",{"date":332,"score":206,"percentile":333},"2026-01-16",0.94573,{"date":335,"score":206,"percentile":277},"2026-01-17",{"date":337,"score":206,"percentile":333},"2026-01-18",{"date":339,"score":206,"percentile":287},"2026-01-19",{"date":341,"score":206,"percentile":280},"2026-01-20",{"date":343,"score":206,"percentile":344},"2026-01-21",0.94576,{"date":346,"score":206,"percentile":347},"2026-01-22",0.94579,{"date":349,"score":206,"percentile":350},"2026-01-23",0.94585,{"date":352,"score":206,"percentile":353},"2026-01-24",0.94589,{"date":355,"score":206,"percentile":356},"2026-01-25",0.9459,{"date":358,"score":206,"percentile":359},"2026-01-26",0.94591,{"date":361,"score":206,"percentile":356},"2026-01-27",{"date":363,"score":206,"percentile":364},"2026-01-28",0.94593,{"date":366,"score":367,"percentile":368},"2026-01-29",0.17685,0.94921,{"date":370,"score":367,"percentile":371},"2026-01-30",0.94922,{"date":373,"score":367,"percentile":374},"2026-01-31",0.94923,{"date":376,"score":367,"percentile":377},"2026-02-01",0.94957,[379],{"source":70,"cvss_v2_0":380,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":9,"vectorString":71,"impactScore":381,"exploitabilityScore":382},6.4,10,[384],{"ecosystem":9,"name":385,"vendor":386,"product":385,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":388},"webrick","ruby-lang","a",[389],{"version":390,"is_range":26,"range_type":391,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.1","cpe"]