[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-2097":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":62,"related":63,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":79,"kevs":123,"epss":124,"epss_history":127,"metrics":387,"affected":397},"CVE-2016-2097","Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[],[],[44,46,48,50,52,54,56,58,60],{"_key":45},"RHSA-2016:0456",{"_key":47},"SUSE-SU-2016:0854-1",{"_key":49},"SUSE-SU-2016:0967-1",{"_key":51},"SUSE-SU-2022:15116-1",{"_key":53},"RHSA-2016:0454",{"_key":55},"RHSA-2016:0455",{"_key":57},"DLA-604-1",{"_key":59},"DSA-3509-1",{"_key":61},"DEBIAN-CVE-2016-2097",[],[64,65,66],{"_key":47},{"_key":49},{"_key":51},"2016-04-07T23:00:00.000Z","2024-08-05T23:17:50.576Z","Modified",{"cisa_kev":71,"cisa_ransomware":71,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":74,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":69},false,"low",0.01912,"medium",5.3,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[80,87,92,98,104,108,113,117],{"url":81,"sources":82,"tags":84},"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html",[83,77],"cve.org",[85,86],"Vendor Advisory","X Refsource SUSE",{"url":88,"sources":89,"tags":90},"http://www.debian.org/security/2016/dsa-3509",[83,77],[85,91],"X Refsource DEBIAN",{"url":93,"sources":94,"tags":95},"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",[83,77],[96,97],"Mailing List","X Refsource MLIST",{"url":99,"sources":100,"tags":101},"http://www.securitytracker.com/id/1035122",[83,77],[102,103],"VDB Entry","X Refsource SECTRACK",{"url":105,"sources":106,"tags":107},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html",[83,77],[85,86],{"url":109,"sources":110,"tags":111},"http://www.securityfocus.com/bid/83726",[83,77],[102,112],"X Refsource BID",{"url":114,"sources":115,"tags":116},"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html",[83,77],[85,86],{"url":118,"sources":119,"tags":120},"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",[83,77],[121,122,85],"X Refsource CONFIRM","Patch",[],{"date":125,"score":73,"percentile":126},"2026-06-04",0.83633,[128,132,135,138,141,144,147,150,152,155,158,161,163,166,169,172,174,177,180,182,185,187,190,193,195,198,201,204,208,211,214,216,219,222,225,227,231,235,238,241,244,248,251,254,257,260,263,266,269,271,274,277,280,283,286,289,292,294,296,300,303,305,307,309,312,315,318,321,324,327,329,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,384],{"date":129,"score":130,"percentile":131},"2025-11-04",0.02816,0.85623,{"date":133,"score":130,"percentile":134},"2025-11-05",0.85627,{"date":136,"score":130,"percentile":137},"2025-11-06",0.8563,{"date":139,"score":130,"percentile":140},"2025-11-07",0.8564,{"date":142,"score":130,"percentile":143},"2025-11-08",0.85643,{"date":145,"score":130,"percentile":146},"2025-11-09",0.85639,{"date":148,"score":130,"percentile":149},"2025-11-10",0.85635,{"date":151,"score":130,"percentile":146},"2025-11-11",{"date":153,"score":130,"percentile":154},"2025-11-12",0.85652,{"date":156,"score":130,"percentile":157},"2025-11-13",0.85658,{"date":159,"score":130,"percentile":160},"2025-11-14",0.8566,{"date":162,"score":130,"percentile":154},"2025-11-15",{"date":164,"score":130,"percentile":165},"2025-11-16",0.8565,{"date":167,"score":130,"percentile":168},"2025-11-17",0.85636,{"date":170,"score":130,"percentile":171},"2025-11-18",0.84861,{"date":173,"score":130,"percentile":171},"2025-11-19",{"date":175,"score":130,"percentile":176},"2025-11-20",0.84867,{"date":178,"score":130,"percentile":179},"2025-11-21",0.85647,{"date":181,"score":130,"percentile":143},"2025-11-22",{"date":183,"score":130,"percentile":184},"2025-11-23",0.85634,{"date":186,"score":130,"percentile":149},"2025-11-24",{"date":188,"score":130,"percentile":189},"2025-11-25",0.85632,{"date":191,"score":130,"percentile":192},"2025-11-26",0.85633,{"date":194,"score":130,"percentile":192},"2025-11-27",{"date":196,"score":130,"percentile":197},"2025-11-28",0.85611,{"date":199,"score":130,"percentile":200},"2025-11-29",0.85664,{"date":202,"score":130,"percentile":203},"2025-11-30",0.85663,{"date":205,"score":206,"percentile":207},"2025-12-01",0.01284,0.79092,{"date":209,"score":206,"percentile":210},"2025-12-02",0.79094,{"date":212,"score":206,"percentile":213},"2025-12-03",0.79095,{"date":215,"score":130,"percentile":203},"2025-12-04",{"date":217,"score":130,"percentile":218},"2025-12-05",0.85666,{"date":220,"score":130,"percentile":221},"2025-12-06",0.85661,{"date":223,"score":130,"percentile":224},"2025-12-07",0.85649,{"date":226,"score":130,"percentile":224},"2025-12-08",{"date":228,"score":229,"percentile":230},"2025-12-09",0.02356,0.84413,{"date":232,"score":233,"percentile":234},"2025-12-10",0.00984,0.76169,{"date":236,"score":233,"percentile":237},"2025-12-11",0.76188,{"date":239,"score":233,"percentile":240},"2025-12-12",0.76211,{"date":242,"score":233,"percentile":243},"2025-12-13",0.76213,{"date":245,"score":246,"percentile":247},"2025-12-14",0.02343,0.84399,{"date":249,"score":246,"percentile":250},"2025-12-15",0.84398,{"date":252,"score":246,"percentile":253},"2025-12-16",0.84406,{"date":255,"score":246,"percentile":256},"2025-12-17",0.84411,{"date":258,"score":246,"percentile":259},"2025-12-18",0.84416,{"date":261,"score":246,"percentile":262},"2025-12-19",0.84422,{"date":264,"score":246,"percentile":265},"2025-12-20",0.84417,{"date":267,"score":246,"percentile":268},"2025-12-21",0.84419,{"date":270,"score":246,"percentile":259},"2025-12-22",{"date":272,"score":246,"percentile":273},"2025-12-23",0.8442,{"date":275,"score":246,"percentile":276},"2025-12-24",0.84429,{"date":278,"score":246,"percentile":279},"2025-12-25",0.84445,{"date":281,"score":246,"percentile":282},"2025-12-26",0.84446,{"date":284,"score":246,"percentile":285},"2025-12-27",0.84499,{"date":287,"score":246,"percentile":288},"2025-12-28",0.84434,{"date":290,"score":246,"percentile":291},"2025-12-29",0.84428,{"date":293,"score":246,"percentile":288},"2025-12-30",{"date":295,"score":246,"percentile":282},"2025-12-31",{"date":297,"score":298,"percentile":299},"2026-01-01",0.01034,0.76982,{"date":301,"score":298,"percentile":302},"2026-01-02",0.76986,{"date":304,"score":298,"percentile":302},"2026-01-03",{"date":306,"score":246,"percentile":288},"2026-01-04",{"date":308,"score":246,"percentile":291},"2026-01-05",{"date":310,"score":246,"percentile":311},"2026-01-06",0.84435,{"date":313,"score":246,"percentile":314},"2026-01-07",0.84432,{"date":316,"score":246,"percentile":317},"2026-01-08",0.84441,{"date":319,"score":246,"percentile":320},"2026-01-09",0.84443,{"date":322,"score":246,"percentile":323},"2026-01-10",0.84439,{"date":325,"score":246,"percentile":326},"2026-01-11",0.84438,{"date":328,"score":246,"percentile":311},"2026-01-12",{"date":330,"score":246,"percentile":314},"2026-01-13",{"date":332,"score":246,"percentile":333},"2026-01-14",0.84452,{"date":335,"score":246,"percentile":336},"2026-01-15",0.84448,{"date":338,"score":246,"percentile":339},"2026-01-16",0.84457,{"date":341,"score":246,"percentile":342},"2026-01-17",0.84462,{"date":344,"score":246,"percentile":345},"2026-01-18",0.84459,{"date":347,"score":246,"percentile":348},"2026-01-19",0.84451,{"date":350,"score":246,"percentile":351},"2026-01-20",0.84455,{"date":353,"score":246,"percentile":354},"2026-01-21",0.84461,{"date":356,"score":246,"percentile":357},"2026-01-22",0.84466,{"date":359,"score":246,"percentile":360},"2026-01-23",0.84481,{"date":362,"score":246,"percentile":363},"2026-01-24",0.84491,{"date":365,"score":246,"percentile":366},"2026-01-25",0.8449,{"date":368,"score":246,"percentile":369},"2026-01-26",0.84489,{"date":371,"score":246,"percentile":372},"2026-01-27",0.84492,{"date":374,"score":246,"percentile":375},"2026-01-28",0.84496,{"date":377,"score":246,"percentile":378},"2026-01-29",0.84497,{"date":380,"score":246,"percentile":381},"2026-01-30",0.845,{"date":383,"score":246,"percentile":381},"2026-01-31",{"date":385,"score":298,"percentile":386},"2026-02-01",0.77052,[388],{"source":77,"cvss_v2_0":389,"cvss_v3_0":394,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":390,"baseSeverity":9,"vectorString":391,"impactScore":392,"exploitabilityScore":393},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":75,"baseSeverity":395,"vectorString":78,"impactScore":396,"exploitabilityScore":393},"MEDIUM",2.3,[398,502],{"ecosystem":9,"name":399,"vendor":400,"product":399,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},"rails","rubyonrails","a",[403,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,490,492,494,496,498,500],{"version":404,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.0","cpe",{"version":407,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.0:beta",{"version":409,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.0:rc1",{"version":411,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.0:rc2",{"version":413,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.1",{"version":415,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.1:rc1",{"version":417,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.1:rc2",{"version":419,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.1:rc3",{"version":421,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.1:rc4",{"version":423,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.2",{"version":425,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.3",{"version":427,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.4",{"version":429,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.4:rc1",{"version":431,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.5",{"version":433,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.6",{"version":435,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.6:rc1",{"version":437,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.6:rc2",{"version":439,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.6:rc3",{"version":441,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.7",{"version":443,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.8",{"version":445,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.9",{"version":447,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.10:rc1",{"version":449,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.0",{"version":451,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.0:beta1",{"version":453,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.0:beta2",{"version":455,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.0:rc1",{"version":457,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.0:rc2",{"version":459,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.1",{"version":461,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.2",{"version":463,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.2:rc1",{"version":465,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.2:rc2",{"version":467,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.2:rc3",{"version":469,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.3",{"version":471,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.4",{"version":473,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.5",{"version":475,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.6:rc1",{"version":477,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.6:rc2",{"version":479,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.7",{"version":481,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.7.1",{"version":483,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.8",{"version":485,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.9:rc1",{"version":487,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.10:rc1",{"version":489,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.10:rc2",{"version":491,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.10:rc3",{"version":493,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.10:rc4",{"version":495,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.12:rc1",{"version":497,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.13:rc1",{"version":499,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.14:rc1",{"version":501,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.14:rc2",{"ecosystem":9,"name":503,"vendor":400,"product":504,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":505},"ruby on rails","ruby_on_rails",[506,511],{"version":507,"is_range":508,"range_type":405,"version_start":9,"version_start_type":9,"version_end":509,"version_end_type":510,"fixed_in":9},"lte3.2.22.1",true,"3.2.22.1","including",{"version":512,"is_range":71,"range_type":405,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1.14.1"]