[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-0899":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":85,"aliases":95,"duplicate_of":9,"upstream":96,"downstream":97,"duplicates":124,"related":125,"reserved_at":9,"published_at":128,"modified_at":129,"state":130,"summary":131,"references_raw":139,"kevs":205,"epss":206,"epss_history":209,"metrics":466,"affected":475},"CVE-2017-0899","RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.",null,[11,35],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-150","Improper Neutralization of Escape, Meta, or Control Sequences","The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.","weakness","Incomplete","Variant",[19,23,27,31],{"id":20,"name":21,"techniques":22},"CAPEC-134","Email Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":28,"name":29,"techniques":30},"CAPEC-81","Web Server Logs Tampering",[],{"id":32,"name":33,"techniques":34},"CAPEC-93","Log Injection-Tampering-Forging",[],{"_key":36,"id":36,"name":37,"description":38,"type":15,"status":39,"abstraction":40,"likelihood_of_exploit":41,"capec":42},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","Draft","Base","Medium",[43,47,81],{"id":44,"name":45,"techniques":46},"CAPEC-242","Code Injection",[],{"id":48,"name":49,"techniques":50},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[51,62,69],{"id":52,"name":53,"tactics":54,"countermeasures":61},"T1027.006","HTML Smuggling",[55,58],{"id":56,"name":57},"TA0030","Defense Evasion",{"id":59,"name":60},"TA0005","Stealth",[],{"id":63,"name":64,"tactics":65,"countermeasures":68},"T1027.009","Embedded Payloads",[66,67],{"id":56,"name":57},{"id":59,"name":60},[],{"id":70,"name":71,"tactics":72,"countermeasures":75},"T1564.009","Resource Forking",[73,74],{"id":56,"name":57},{"id":59,"name":60},[76],{"id":77,"name":78,"tactic":79},"D3-FFV","File Format Verification",{"name":80},"Isolate",{"id":82,"name":83,"techniques":84},"CAPEC-77","Manipulating User-Controlled Variables",[],[86],{"_key":87,"name":88,"source":89,"url":90,"maturity":91,"reliability_score":92,"verified":93,"type":9,"platforms":94,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_BFC5A8A120BA8FA1","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/226335","unknown",0.2,false,[],[],[],[98,100,102,104,106,108,110,112,114,116,118,120,122],{"_key":99},"ALPINE-CVE-2017-0899",{"_key":101},"SUSE-SU-2020:1570-1",{"_key":103},"DLA-1114-1",{"_key":105},"DLA-1421-1",{"_key":107},"DSA-3966-1",{"_key":109},"MGASA-2017-0482",{"_key":111},"USN-3439-1",{"_key":113},"DEBIAN-CVE-2017-0899",{"_key":115},"RHSA-2017:3485",{"_key":117},"RHSA-2018:0378",{"_key":119},"RHSA-2018:0583",{"_key":121},"RHSA-2018:0585",{"_key":123},"UBUNTU-CVE-2017-0899",[],[126,127],{"_key":101},{"_key":109},"2017-08-31T20:00:00.000Z","2024-09-17T02:20:54.846Z","Modified",{"cisa_kev":93,"cisa_ransomware":93,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":134,"severity_score":135,"severity_version":136,"severity_source":137,"severity_vector":138,"severity_status":130},"low",0.09304,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[140,148,153,157,163,169,173,177,181,187,191,196,201],{"url":141,"sources":142,"tags":144},"https://access.redhat.com/errata/RHSA-2018:0585",[143,137],"cve.org",[145,146,147],"Vendor Advisory","X Refsource REDHAT","Third Party Advisory",{"url":149,"sources":150,"tags":151},"https://www.debian.org/security/2017/dsa-3966",[143,137],[145,152,147],"X Refsource DEBIAN",{"url":154,"sources":155,"tags":156},"https://access.redhat.com/errata/RHSA-2018:0378",[143,137],[145,146,147],{"url":90,"sources":158,"tags":159},[143,137],[160,161,162,147],"X Refsource MISC","Exploit","Patch",{"url":164,"sources":165,"tags":166},"http://www.securitytracker.com/id/1039249",[143,137],[167,168,147],"VDB Entry","X Refsource SECTRACK",{"url":170,"sources":171,"tags":172},"https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1",[143,137],[160,162,147],{"url":174,"sources":175,"tags":176},"https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491",[143,137],[160,162,147],{"url":178,"sources":179,"tags":180},"https://access.redhat.com/errata/RHSA-2017:3485",[143,137],[145,146,147],{"url":182,"sources":183,"tags":184},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[143,137],[185,186,147],"Mailing List","X Refsource MLIST",{"url":188,"sources":189,"tags":190},"https://access.redhat.com/errata/RHSA-2018:0583",[143,137],[145,146,147],{"url":192,"sources":193,"tags":194},"https://security.gentoo.org/glsa/201710-01",[143,137],[145,195,147],"X Refsource GENTOO",{"url":197,"sources":198,"tags":199},"http://www.securityfocus.com/bid/100576",[143,137],[167,200,147],"X Refsource BID",{"url":202,"sources":203,"tags":204},"http://blog.rubygems.org/2017/08/27/2.6.13-released.html",[143,137],[160,162,145],[],{"date":207,"score":133,"percentile":208},"2026-06-04",0.92901,[210,214,217,219,222,225,228,231,234,237,240,243,246,249,251,254,257,260,263,265,268,271,274,277,279,282,285,288,292,295,298,301,304,307,310,312,315,318,321,324,327,329,332,335,338,341,344,346,349,351,354,357,360,362,365,368,370,373,376,379,382,385,388,391,393,396,399,402,405,407,409,412,415,418,421,424,427,429,432,435,438,441,444,446,449,452,455,457,460,463],{"date":211,"score":212,"percentile":213},"2025-11-04",0.07362,0.9129,{"date":215,"score":212,"percentile":216},"2025-11-05",0.91288,{"date":218,"score":212,"percentile":213},"2025-11-06",{"date":220,"score":212,"percentile":221},"2025-11-07",0.91296,{"date":223,"score":212,"percentile":224},"2025-11-08",0.91295,{"date":226,"score":212,"percentile":227},"2025-11-09",0.91291,{"date":229,"score":212,"percentile":230},"2025-11-10",0.91292,{"date":232,"score":212,"percentile":233},"2025-11-11",0.91297,{"date":235,"score":212,"percentile":236},"2025-11-12",0.91301,{"date":238,"score":212,"percentile":239},"2025-11-13",0.91304,{"date":241,"score":212,"percentile":242},"2025-11-14",0.91305,{"date":244,"score":212,"percentile":245},"2025-11-15",0.91302,{"date":247,"score":212,"percentile":248},"2025-11-16",0.9131,{"date":250,"score":212,"percentile":248},"2025-11-17",{"date":252,"score":212,"percentile":253},"2025-11-18",0.90802,{"date":255,"score":212,"percentile":256},"2025-11-19",0.90805,{"date":258,"score":212,"percentile":259},"2025-11-20",0.90811,{"date":261,"score":212,"percentile":262},"2025-11-21",0.91319,{"date":264,"score":212,"percentile":262},"2025-11-22",{"date":266,"score":212,"percentile":267},"2025-11-23",0.91325,{"date":269,"score":212,"percentile":270},"2025-11-24",0.91326,{"date":272,"score":212,"percentile":273},"2025-11-25",0.91329,{"date":275,"score":212,"percentile":276},"2025-11-26",0.91328,{"date":278,"score":212,"percentile":273},"2025-11-27",{"date":280,"score":212,"percentile":281},"2025-11-28",0.91321,{"date":283,"score":212,"percentile":284},"2025-11-29",0.91351,{"date":286,"score":212,"percentile":287},"2025-11-30",0.91349,{"date":289,"score":290,"percentile":291},"2025-12-01",0.02165,0.83826,{"date":293,"score":290,"percentile":294},"2025-12-02",0.83829,{"date":296,"score":290,"percentile":297},"2025-12-03",0.8383,{"date":299,"score":212,"percentile":300},"2025-12-04",0.91345,{"date":302,"score":212,"percentile":303},"2025-12-05",0.91347,{"date":305,"score":212,"percentile":306},"2025-12-06",0.91348,{"date":308,"score":212,"percentile":309},"2025-12-07",0.91346,{"date":311,"score":212,"percentile":303},"2025-12-08",{"date":313,"score":212,"percentile":314},"2025-12-09",0.9135,{"date":316,"score":212,"percentile":317},"2025-12-10",0.91357,{"date":319,"score":212,"percentile":320},"2025-12-11",0.91362,{"date":322,"score":212,"percentile":323},"2025-12-12",0.91363,{"date":325,"score":212,"percentile":326},"2025-12-13",0.91352,{"date":328,"score":212,"percentile":314},"2025-12-14",{"date":330,"score":212,"percentile":331},"2025-12-15",0.91353,{"date":333,"score":212,"percentile":334},"2025-12-16",0.91381,{"date":336,"score":212,"percentile":337},"2025-12-17",0.91388,{"date":339,"score":212,"percentile":340},"2025-12-18",0.91393,{"date":342,"score":212,"percentile":343},"2025-12-19",0.91395,{"date":345,"score":212,"percentile":343},"2025-12-20",{"date":347,"score":212,"percentile":348},"2025-12-21",0.91397,{"date":350,"score":212,"percentile":340},"2025-12-22",{"date":352,"score":212,"percentile":353},"2025-12-23",0.91401,{"date":355,"score":212,"percentile":356},"2025-12-24",0.91407,{"date":358,"score":212,"percentile":359},"2025-12-25",0.91408,{"date":361,"score":212,"percentile":356},"2025-12-26",{"date":363,"score":212,"percentile":364},"2025-12-27",0.91444,{"date":366,"score":212,"percentile":367},"2025-12-28",0.91404,{"date":369,"score":212,"percentile":353},"2025-12-29",{"date":371,"score":212,"percentile":372},"2025-12-30",0.91406,{"date":374,"score":212,"percentile":375},"2025-12-31",0.91414,{"date":377,"score":290,"percentile":378},"2026-01-01",0.83916,{"date":380,"score":290,"percentile":381},"2026-01-02",0.83915,{"date":383,"score":290,"percentile":384},"2026-01-03",0.83909,{"date":386,"score":212,"percentile":387},"2026-01-04",0.9143,{"date":389,"score":212,"percentile":390},"2026-01-05",0.91427,{"date":392,"score":212,"percentile":387},"2026-01-06",{"date":394,"score":212,"percentile":395},"2026-01-07",0.91431,{"date":397,"score":212,"percentile":398},"2026-01-08",0.91433,{"date":400,"score":212,"percentile":401},"2026-01-09",0.91436,{"date":403,"score":212,"percentile":404},"2026-01-10",0.91438,{"date":406,"score":212,"percentile":395},"2026-01-11",{"date":408,"score":212,"percentile":395},"2026-01-12",{"date":410,"score":212,"percentile":411},"2026-01-13",0.91429,{"date":413,"score":212,"percentile":414},"2026-01-14",0.91441,{"date":416,"score":212,"percentile":417},"2026-01-15",0.91445,{"date":419,"score":212,"percentile":420},"2026-01-16",0.91449,{"date":422,"score":212,"percentile":423},"2026-01-17",0.91453,{"date":425,"score":212,"percentile":426},"2026-01-18",0.91451,{"date":428,"score":212,"percentile":423},"2026-01-19",{"date":430,"score":212,"percentile":431},"2026-01-20",0.91454,{"date":433,"score":212,"percentile":434},"2026-01-21",0.91458,{"date":436,"score":212,"percentile":437},"2026-01-22",0.91462,{"date":439,"score":212,"percentile":440},"2026-01-23",0.9147,{"date":442,"score":212,"percentile":443},"2026-01-24",0.91474,{"date":445,"score":212,"percentile":443},"2026-01-25",{"date":447,"score":212,"percentile":448},"2026-01-26",0.91477,{"date":450,"score":212,"percentile":451},"2026-01-27",0.9148,{"date":453,"score":212,"percentile":454},"2026-01-28",0.91484,{"date":456,"score":212,"percentile":454},"2026-01-29",{"date":458,"score":212,"percentile":459},"2026-01-30",0.91485,{"date":461,"score":212,"percentile":462},"2026-01-31",0.91483,{"date":464,"score":290,"percentile":465},"2026-02-01",0.8398,[467],{"source":137,"cvss_v2_0":468,"cvss_v3_0":473,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":469,"baseSeverity":9,"vectorString":470,"impactScore":471,"exploitabilityScore":472},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":135,"baseSeverity":474,"vectorString":138,"impactScore":135,"exploitabilityScore":472},"CRITICAL",[476,487,496,503,508,516,524,530,535],{"ecosystem":9,"name":477,"vendor":478,"product":479,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"debian linux","debian","debian_linux","o",[482,485],{"version":483,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"version":486,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":488,"vendor":489,"product":490,"cpe_part":491,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":492},"RubyGems","hackerone","rubygems","a",[493],{"version":494,"is_range":93,"range_type":143,"version_start":494,"version_start_type":495,"version_end":494,"version_end_type":495,"fixed_in":9},"Versions before 2.6.13","including",{"ecosystem":9,"name":497,"vendor":498,"product":499,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"enterprise linux desktop","redhat","enterprise_linux_desktop",[501],{"version":502,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"ecosystem":9,"name":504,"vendor":498,"product":505,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":506},"enterprise linux server","enterprise_linux_server",[507],{"version":502,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":509,"vendor":498,"product":510,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":511},"enterprise linux server aus","enterprise_linux_server_aus",[512,514],{"version":513,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"version":515,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.6",{"ecosystem":9,"name":517,"vendor":498,"product":518,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":519},"enterprise linux server eus","enterprise_linux_server_eus",[520,521,523],{"version":513,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":522,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"version":515,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":525,"vendor":498,"product":526,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":527},"enterprise linux server tus","enterprise_linux_server_tus",[528,529],{"version":513,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":515,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":531,"vendor":498,"product":532,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":533},"enterprise linux workstation","enterprise_linux_workstation",[534],{"version":502,"is_range":93,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":490,"vendor":490,"product":490,"cpe_part":491,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":536},[537],{"version":538,"is_range":539,"range_type":484,"version_start":9,"version_start_type":9,"version_end":540,"version_end_type":495,"fixed_in":9},"lte2.6.12",true,"2.6.12"]