[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-0898":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":46,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":77,"related":78,"reserved_at":9,"published_at":81,"modified_at":82,"state":83,"summary":84,"references_raw":92,"kevs":158,"epss":159,"epss_history":162,"metrics":431,"affected":441},"CVE-2017-0898","Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-134","Use of Externally-Controlled Format String","The product uses a function that accepts a format string as an argument, but the format string originates from an external source.","weakness","Draft","Base","High",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-135","Format String Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-67","String Format Overflow in syslog()",[],[29,38],{"_key":30,"name":31,"source":32,"url":33,"maturity":34,"reliability_score":35,"verified":36,"type":9,"platforms":37,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_MRUBY_MRUBY","Mruby","github","https://github.com/mruby/mruby/issues/6650#issuecomment-3430851605","poc",0.3,false,[],{"_key":39,"name":40,"source":41,"url":42,"maturity":43,"reliability_score":44,"verified":36,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_46947C85F6D9057F","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/212241","unknown",0.2,[],[],[],[49,51,53,55,57,59,61,63,65,67,69,71,73,75],{"_key":50},"ALPINE-CVE-2017-0898",{"_key":52},"SUSE-SU-2020:1570-1",{"_key":54},"DLA-1113-1",{"_key":56},"DLA-1114-1",{"_key":58},"DLA-1421-1",{"_key":60},"DSA-4031-1",{"_key":62},"MGASA-2017-0371",{"_key":64},"UBUNTU-CVE-2017-0898",{"_key":66},"USN-3439-1",{"_key":68},"USN-3685-1",{"_key":70},"RHSA-2017:3485",{"_key":72},"RHSA-2018:0378",{"_key":74},"RHSA-2018:0583",{"_key":76},"RHSA-2018:0585",[],[79,80],{"_key":52},{"_key":62},"2017-09-15T19:00:00.000Z","2024-09-17T01:36:46.258Z","Modified",{"cisa_kev":36,"cisa_ransomware":36,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":83},"low",0.01399,"critical",9.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",[93,100,106,111,115,120,126,131,135,141,145,149,153],{"url":94,"sources":95,"tags":97},"https://usn.ubuntu.com/3685-1/",[96,90],"cve.org",[98,99],"Vendor Advisory","X Refsource UBUNTU",{"url":42,"sources":101,"tags":102},[96,90],[103,104,105],"X Refsource MISC","Exploit","Third Party Advisory",{"url":107,"sources":108,"tags":109},"https://access.redhat.com/errata/RHSA-2018:0585",[96,90],[98,110],"X Refsource REDHAT",{"url":112,"sources":113,"tags":114},"https://access.redhat.com/errata/RHSA-2018:0378",[96,90],[98,110],{"url":116,"sources":117,"tags":118},"https://www.debian.org/security/2017/dsa-4031",[96,90],[98,119],"X Refsource DEBIAN",{"url":121,"sources":122,"tags":123},"http://www.securityfocus.com/bid/100862",[96,90],[124,125,105],"VDB Entry","X Refsource BID",{"url":127,"sources":128,"tags":129},"http://www.securitytracker.com/id/1039363",[96,90],[124,130,105],"X Refsource SECTRACK",{"url":132,"sources":133,"tags":134},"https://access.redhat.com/errata/RHSA-2017:3485",[96,90],[98,110],{"url":136,"sources":137,"tags":138},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[96,90],[139,140],"Mailing List","X Refsource MLIST",{"url":142,"sources":143,"tags":144},"https://access.redhat.com/errata/RHSA-2018:0583",[96,90],[98,110],{"url":146,"sources":147,"tags":148},"https://github.com/mruby/mruby/issues/3722",[96,90],[103,104,105],{"url":150,"sources":151,"tags":152},"https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/",[96,90],[103,98],{"url":154,"sources":155,"tags":156},"https://security.gentoo.org/glsa/201710-18",[96,90],[98,157],"X Refsource GENTOO",[],{"date":160,"score":86,"percentile":161},"2026-06-04",0.8075,[163,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,215,217,221,224,227,230,233,236,239,242,245,249,252,255,258,260,263,266,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,326,329,331,334,337,341,344,347,350,353,356,359,362,365,368,371,374,377,379,382,385,388,391,394,397,400,403,406,409,412,414,417,419,422,425,428],{"date":164,"score":165,"percentile":166},"2025-11-04",0.00846,0.74098,{"date":168,"score":165,"percentile":169},"2025-11-05",0.74082,{"date":171,"score":165,"percentile":172},"2025-11-06",0.7408,{"date":174,"score":165,"percentile":175},"2025-11-07",0.74099,{"date":177,"score":165,"percentile":178},"2025-11-08",0.74096,{"date":180,"score":165,"percentile":181},"2025-11-09",0.7409,{"date":183,"score":165,"percentile":184},"2025-11-10",0.74076,{"date":186,"score":165,"percentile":187},"2025-11-11",0.74078,{"date":189,"score":165,"percentile":190},"2025-11-12",0.74097,{"date":192,"score":165,"percentile":193},"2025-11-13",0.74104,{"date":195,"score":165,"percentile":196},"2025-11-14",0.74109,{"date":198,"score":165,"percentile":199},"2025-11-15",0.74107,{"date":201,"score":165,"percentile":202},"2025-11-16",0.74103,{"date":204,"score":165,"percentile":205},"2025-11-17",0.74093,{"date":207,"score":165,"percentile":208},"2025-11-18",0.72797,{"date":210,"score":165,"percentile":211},"2025-11-19",0.72805,{"date":213,"score":165,"percentile":214},"2025-11-20",0.72813,{"date":216,"score":165,"percentile":196},"2025-11-21",{"date":218,"score":219,"percentile":220},"2025-11-22",0.0087,0.74471,{"date":222,"score":219,"percentile":223},"2025-11-23",0.74458,{"date":225,"score":219,"percentile":226},"2025-11-24",0.74454,{"date":228,"score":219,"percentile":229},"2025-11-25",0.74456,{"date":231,"score":219,"percentile":232},"2025-11-26",0.74462,{"date":234,"score":219,"percentile":235},"2025-11-27",0.74463,{"date":237,"score":219,"percentile":238},"2025-11-28",0.74452,{"date":240,"score":219,"percentile":241},"2025-11-29",0.7445,{"date":243,"score":219,"percentile":244},"2025-11-30",0.74448,{"date":246,"score":247,"percentile":248},"2025-12-01",0.02126,0.83679,{"date":250,"score":247,"percentile":251},"2025-12-02",0.83681,{"date":253,"score":247,"percentile":254},"2025-12-03",0.83684,{"date":256,"score":219,"percentile":257},"2025-12-04",0.74443,{"date":259,"score":219,"percentile":238},"2025-12-05",{"date":261,"score":219,"percentile":262},"2025-12-06",0.74455,{"date":264,"score":219,"percentile":265},"2025-12-07",0.74453,{"date":267,"score":219,"percentile":229},"2025-12-08",{"date":269,"score":219,"percentile":270},"2025-12-09",0.74483,{"date":272,"score":219,"percentile":273},"2025-12-10",0.74513,{"date":275,"score":165,"percentile":276},"2025-12-11",0.74171,{"date":278,"score":165,"percentile":279},"2025-12-12",0.74194,{"date":281,"score":165,"percentile":282},"2025-12-13",0.74199,{"date":284,"score":165,"percentile":285},"2025-12-14",0.74198,{"date":287,"score":165,"percentile":288},"2025-12-15",0.74202,{"date":290,"score":165,"percentile":291},"2025-12-16",0.74213,{"date":293,"score":165,"percentile":294},"2025-12-17",0.74224,{"date":296,"score":165,"percentile":297},"2025-12-18",0.74244,{"date":299,"score":165,"percentile":300},"2025-12-19",0.74261,{"date":302,"score":165,"percentile":303},"2025-12-20",0.74259,{"date":305,"score":165,"percentile":306},"2025-12-21",0.74251,{"date":308,"score":165,"percentile":309},"2025-12-22",0.74252,{"date":311,"score":165,"percentile":312},"2025-12-23",0.74243,{"date":314,"score":165,"percentile":315},"2025-12-24",0.74255,{"date":317,"score":165,"percentile":318},"2025-12-25",0.74282,{"date":320,"score":165,"percentile":321},"2025-12-26",0.74277,{"date":323,"score":324,"percentile":325},"2025-12-27",0.0081,0.7369,{"date":327,"score":165,"percentile":328},"2025-12-28",0.74256,{"date":330,"score":165,"percentile":309},"2025-12-29",{"date":332,"score":165,"percentile":333},"2025-12-30",0.74268,{"date":335,"score":165,"percentile":336},"2025-12-31",0.74294,{"date":338,"score":339,"percentile":340},"2026-01-01",0.0207,0.8355,{"date":342,"score":339,"percentile":343},"2026-01-02",0.83547,{"date":345,"score":339,"percentile":346},"2026-01-03",0.83542,{"date":348,"score":165,"percentile":349},"2026-01-04",0.74306,{"date":351,"score":165,"percentile":352},"2026-01-05",0.74299,{"date":354,"score":165,"percentile":355},"2026-01-06",0.74315,{"date":357,"score":165,"percentile":358},"2026-01-07",0.74322,{"date":360,"score":165,"percentile":361},"2026-01-08",0.74335,{"date":363,"score":165,"percentile":364},"2026-01-09",0.74341,{"date":366,"score":165,"percentile":367},"2026-01-10",0.74337,{"date":369,"score":165,"percentile":370},"2026-01-11",0.74325,{"date":372,"score":165,"percentile":373},"2026-01-12",0.74314,{"date":375,"score":165,"percentile":376},"2026-01-13",0.74313,{"date":378,"score":165,"percentile":367},"2026-01-14",{"date":380,"score":165,"percentile":381},"2026-01-15",0.74345,{"date":383,"score":165,"percentile":384},"2026-01-16",0.74361,{"date":386,"score":165,"percentile":387},"2026-01-17",0.74358,{"date":389,"score":165,"percentile":390},"2026-01-18",0.74334,{"date":392,"score":165,"percentile":393},"2026-01-19",0.74324,{"date":395,"score":165,"percentile":396},"2026-01-20",0.7433,{"date":398,"score":165,"percentile":399},"2026-01-21",0.74333,{"date":401,"score":165,"percentile":402},"2026-01-22",0.74339,{"date":404,"score":165,"percentile":405},"2026-01-23",0.74368,{"date":407,"score":165,"percentile":408},"2026-01-24",0.74376,{"date":410,"score":165,"percentile":411},"2026-01-25",0.74359,{"date":413,"score":165,"percentile":387},"2026-01-26",{"date":415,"score":165,"percentile":416},"2026-01-27",0.74367,{"date":418,"score":165,"percentile":408},"2026-01-28",{"date":420,"score":165,"percentile":421},"2026-01-29",0.74374,{"date":423,"score":165,"percentile":424},"2026-01-30",0.74377,{"date":426,"score":165,"percentile":427},"2026-01-31",0.74381,{"date":429,"score":339,"percentile":430},"2026-02-01",0.83613,[432],{"source":90,"cvss_v2_0":433,"cvss_v3_0":438,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":9,"vectorString":435,"impactScore":436,"exploitabilityScore":437},6.4,"AV:N/AC:L/Au:N/C:P/I:N/A:P",4.9,10,{"baseScore":88,"baseSeverity":439,"vectorString":91,"impactScore":440,"exploitabilityScore":437},"CRITICAL",8.7,[442,451],{"ecosystem":9,"name":443,"vendor":444,"product":445,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"Ruby","hackerone","ruby","a",[448],{"version":449,"is_range":36,"range_type":96,"version_start":449,"version_start_type":450,"version_end":449,"version_end_type":450,"fixed_in":9},"Versions before 2.4.2, 2.3.5, and 2.2.8","including",{"ecosystem":9,"name":445,"vendor":452,"product":445,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":453},"ruby-lang",[454,457,459,461,463,465,467,469,471,473,475,477,479,481,483],{"version":455,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.0","cpe",{"version":458,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.1",{"version":460,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.2",{"version":462,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.3",{"version":464,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.4",{"version":466,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.5",{"version":468,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.6",{"version":470,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.7",{"version":472,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.3.0",{"version":474,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.3.1",{"version":476,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.3.2",{"version":478,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.3.3",{"version":480,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.3.4",{"version":482,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.0",{"version":484,"is_range":36,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.1"]