[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2013-4164":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":96,"duplicate_of":9,"upstream":97,"downstream":98,"duplicates":117,"related":118,"reserved_at":9,"published_at":120,"modified_at":121,"state":122,"summary":123,"references_raw":130,"kevs":233,"epss":234,"epss_history":237,"metrics":492,"affected":497},"CVE-2013-4164","Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69,78],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A2886447B156F7E9","Exploit Reference (ruby-lang.org)","reference","https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164","unknown",0.2,false,[],{"_key":79,"name":80,"source":81,"url":82,"maturity":83,"reliability_score":84,"verified":76,"type":85,"platforms":86,"requires_auth":76,"exploitdb":9,"metasploit":87},"MSF_AUXILIARY_DOS_HTTP_RAILS_JSON_FLOAT_DOS","Ruby on Rails JSON Processor Floating Point Heap Overflow DoS","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/rails_json_float_dos.rb","poc",0.5,"remote",[],{"fullname":88,"rank":89,"rank_name":90,"post_auth":76,"check":76,"notes":91},"auxiliary/dos/http/rails_json_float_dos",300,"normal",{"Stability":92,"SideEffects":94,"Reliability":95},[93],"crash-service-down",[],[],[],[],[99,101,103,105,107,109,111,113,115],{"_key":100},"RHSA-2013:1763",{"_key":102},"RHSA-2013:1764",{"_key":104},"RHSA-2013:1767",{"_key":106},"RHSA-2014:0011",{"_key":108},"RHSA-2014:0215",{"_key":110},"DSA-2809-1",{"_key":112},"DSA-2810-1",{"_key":114},"MGASA-2014-0003",{"_key":116},"UBUNTU-CVE-2013-4164",[],[119],{"_key":114},"2013-11-23T19:00:00.000Z","2024-08-06T16:30:50.071Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":124,"epss_score":125,"severity":124,"severity_score":126,"severity_version":127,"severity_source":128,"severity_vector":129,"severity_status":122},"medium",0.11958,6.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:P/A:P",[131,137,143,148,153,157,162,166,170,174,179,185,189,193,197,201,205,210,215,221,225,229],{"url":132,"sources":133,"tags":135},"https://puppet.com/security/cve/cve-2013-4164",[134,128],"cve.org",[136],"X Refsource CONFIRM",{"url":138,"sources":139,"tags":140},"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html",[134,128],[141,142],"Vendor Advisory","X Refsource APPLE",{"url":144,"sources":145,"tags":146},"http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html",[134,128],[141,147],"X Refsource SUSE",{"url":149,"sources":150,"tags":151},"http://www.ubuntu.com/usn/USN-2035-1",[134,128],[141,152],"X Refsource UBUNTU",{"url":154,"sources":155,"tags":156},"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html",[134,128],[141,142],{"url":158,"sources":159,"tags":160},"http://rhn.redhat.com/errata/RHSA-2014-0215.html",[134,128],[141,161],"X Refsource REDHAT",{"url":163,"sources":164,"tags":165},"http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html",[134,128],[141,147],{"url":167,"sources":168,"tags":169},"http://rhn.redhat.com/errata/RHSA-2013-1763.html",[134,128],[141,161],{"url":171,"sources":172,"tags":173},"http://rhn.redhat.com/errata/RHSA-2013-1764.html",[134,128],[141,161],{"url":175,"sources":176,"tags":177},"https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released",[134,128],[136,178],"Patch",{"url":180,"sources":181,"tags":182},"http://www.securityfocus.com/bid/63873",[134,128],[183,184],"VDB Entry","X Refsource BID",{"url":73,"sources":186,"tags":187},[134,128],[136,188],"Exploit",{"url":190,"sources":191,"tags":192},"http://rhn.redhat.com/errata/RHSA-2013-1767.html",[134,128],[141,161],{"url":194,"sources":195,"tags":196},"http://rhn.redhat.com/errata/RHSA-2014-0011.html",[134,128],[141,161],{"url":198,"sources":199,"tags":200},"http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html",[134,128],[141,147],{"url":202,"sources":203,"tags":204},"https://support.apple.com/kb/HT6536",[134,128],[136],{"url":206,"sources":207,"tags":208},"http://osvdb.org/100113",[134,128],[183,209],"X Refsource OSVDB",{"url":211,"sources":212,"tags":213},"http://www.debian.org/security/2013/dsa-2810",[134,128],[141,214],"X Refsource DEBIAN",{"url":216,"sources":217,"tags":218},"http://secunia.com/advisories/57376",[134,128],[219,220],"Third Party Advisory","X Refsource SECUNIA",{"url":222,"sources":223,"tags":224},"https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released",[134,128],[136],{"url":226,"sources":227,"tags":228},"http://www.debian.org/security/2013/dsa-2809",[134,128],[141,214],{"url":230,"sources":231,"tags":232},"http://secunia.com/advisories/55787",[134,128],[219,220,141],[],{"date":235,"score":125,"percentile":236},"2026-06-05",0.93902,[238,242,245,247,250,253,256,259,261,263,266,269,271,273,275,278,281,284,287,290,293,296,299,302,305,308,311,314,318,321,324,327,329,331,334,337,340,343,346,349,352,356,359,361,364,367,369,372,374,377,380,383,386,389,393,396,399,401,403,407,410,413,416,418,421,423,425,427,430,432,435,438,441,444,447,450,453,455,457,460,463,466,469,472,475,477,480,483,485,488],{"date":239,"score":240,"percentile":241},"2025-11-04",0.16449,0.94602,{"date":243,"score":240,"percentile":244},"2025-11-05",0.94601,{"date":246,"score":240,"percentile":244},"2025-11-06",{"date":248,"score":240,"percentile":249},"2025-11-07",0.94603,{"date":251,"score":240,"percentile":252},"2025-11-08",0.946,{"date":254,"score":240,"percentile":255},"2025-11-09",0.94598,{"date":257,"score":240,"percentile":258},"2025-11-10",0.94599,{"date":260,"score":240,"percentile":258},"2025-11-11",{"date":262,"score":240,"percentile":249},"2025-11-12",{"date":264,"score":240,"percentile":265},"2025-11-13",0.94604,{"date":267,"score":240,"percentile":268},"2025-11-14",0.94606,{"date":270,"score":240,"percentile":244},"2025-11-15",{"date":272,"score":240,"percentile":268},"2025-11-16",{"date":274,"score":240,"percentile":268},"2025-11-17",{"date":276,"score":240,"percentile":277},"2025-11-18",0.94343,{"date":279,"score":240,"percentile":280},"2025-11-19",0.94347,{"date":282,"score":240,"percentile":283},"2025-11-20",0.94349,{"date":285,"score":240,"percentile":286},"2025-11-21",0.94611,{"date":288,"score":240,"percentile":289},"2025-11-22",0.94609,{"date":291,"score":240,"percentile":292},"2025-11-23",0.94612,{"date":294,"score":240,"percentile":295},"2025-11-24",0.94614,{"date":297,"score":240,"percentile":298},"2025-11-25",0.94617,{"date":300,"score":240,"percentile":301},"2025-11-26",0.94618,{"date":303,"score":240,"percentile":304},"2025-11-27",0.94622,{"date":306,"score":240,"percentile":307},"2025-11-28",0.94619,{"date":309,"score":240,"percentile":310},"2025-11-29",0.94623,{"date":312,"score":240,"percentile":313},"2025-11-30",0.9462,{"date":315,"score":316,"percentile":317},"2025-12-01",0.2217,0.95604,{"date":319,"score":316,"percentile":320},"2025-12-02",0.95603,{"date":322,"score":316,"percentile":323},"2025-12-03",0.95605,{"date":325,"score":240,"percentile":326},"2025-12-04",0.94616,{"date":328,"score":240,"percentile":313},"2025-12-05",{"date":330,"score":240,"percentile":307},"2025-12-06",{"date":332,"score":240,"percentile":333},"2025-12-07",0.94625,{"date":335,"score":240,"percentile":336},"2025-12-08",0.94626,{"date":338,"score":240,"percentile":339},"2025-12-09",0.94631,{"date":341,"score":240,"percentile":342},"2025-12-10",0.94637,{"date":344,"score":240,"percentile":345},"2025-12-11",0.9464,{"date":347,"score":240,"percentile":348},"2025-12-12",0.94643,{"date":350,"score":240,"percentile":351},"2025-12-13",0.94642,{"date":353,"score":354,"percentile":355},"2025-12-14",0.11281,0.93268,{"date":357,"score":354,"percentile":358},"2025-12-15",0.93271,{"date":360,"score":354,"percentile":355},"2025-12-16",{"date":362,"score":354,"percentile":363},"2025-12-17",0.93273,{"date":365,"score":354,"percentile":366},"2025-12-18",0.93277,{"date":368,"score":354,"percentile":366},"2025-12-19",{"date":370,"score":354,"percentile":371},"2025-12-20",0.93274,{"date":373,"score":354,"percentile":366},"2025-12-21",{"date":375,"score":354,"percentile":376},"2025-12-22",0.93285,{"date":378,"score":354,"percentile":379},"2025-12-23",0.93276,{"date":381,"score":354,"percentile":382},"2025-12-24",0.93282,{"date":384,"score":354,"percentile":385},"2025-12-25",0.93297,{"date":387,"score":354,"percentile":388},"2025-12-26",0.93295,{"date":390,"score":391,"percentile":392},"2025-12-27",0.12317,0.9368,{"date":394,"score":354,"percentile":395},"2025-12-28",0.93292,{"date":397,"score":354,"percentile":398},"2025-12-29",0.9329,{"date":400,"score":354,"percentile":395},"2025-12-30",{"date":402,"score":354,"percentile":385},"2025-12-31",{"date":404,"score":405,"percentile":406},"2026-01-01",0.2146,0.95566,{"date":408,"score":405,"percentile":409},"2026-01-02",0.95561,{"date":411,"score":405,"percentile":412},"2026-01-03",0.95558,{"date":414,"score":354,"percentile":415},"2026-01-04",0.93289,{"date":417,"score":354,"percentile":376},"2026-01-05",{"date":419,"score":354,"percentile":420},"2026-01-06",0.93287,{"date":422,"score":354,"percentile":420},"2026-01-07",{"date":424,"score":354,"percentile":398},"2026-01-08",{"date":426,"score":354,"percentile":388},"2026-01-09",{"date":428,"score":354,"percentile":429},"2026-01-10",0.93296,{"date":431,"score":354,"percentile":388},"2026-01-11",{"date":433,"score":354,"percentile":434},"2026-01-12",0.93293,{"date":436,"score":125,"percentile":437},"2026-01-13",0.93528,{"date":439,"score":125,"percentile":440},"2026-01-14",0.93536,{"date":442,"score":125,"percentile":443},"2026-01-15",0.93538,{"date":445,"score":125,"percentile":446},"2026-01-16",0.93544,{"date":448,"score":125,"percentile":449},"2026-01-17",0.93549,{"date":451,"score":125,"percentile":452},"2026-01-18",0.93543,{"date":454,"score":125,"percentile":452},"2026-01-19",{"date":456,"score":125,"percentile":446},"2026-01-20",{"date":458,"score":125,"percentile":459},"2026-01-21",0.93547,{"date":461,"score":125,"percentile":462},"2026-01-22",0.9355,{"date":464,"score":125,"percentile":465},"2026-01-23",0.93554,{"date":467,"score":125,"percentile":468},"2026-01-24",0.93557,{"date":470,"score":125,"percentile":471},"2026-01-25",0.93559,{"date":473,"score":125,"percentile":474},"2026-01-26",0.93561,{"date":476,"score":125,"percentile":474},"2026-01-27",{"date":478,"score":125,"percentile":479},"2026-01-28",0.93565,{"date":481,"score":125,"percentile":482},"2026-01-29",0.93566,{"date":484,"score":125,"percentile":482},"2026-01-30",{"date":486,"score":125,"percentile":487},"2026-01-31",0.93569,{"date":489,"score":490,"percentile":491},"2026-02-01",0.2256,0.9572,[493],{"source":128,"cvss_v2_0":494,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":126,"baseSeverity":9,"vectorString":129,"impactScore":495,"exploitabilityScore":496},6.4,8.6,[498],{"ecosystem":9,"name":499,"vendor":500,"product":499,"cpe_part":501,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":502},"ruby","ruby-lang","a",[503,506,508,510,512,514,516],{"version":504,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.8","cpe",{"version":507,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9",{"version":509,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.1",{"version":511,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.2",{"version":513,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.3",{"version":515,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.0",{"version":517,"is_range":76,"range_type":505,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.1:preview1"]