[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-17405":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":55,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":86,"related":87,"reserved_at":9,"published_at":90,"modified_at":91,"state":92,"summary":93,"references_raw":101,"kevs":173,"epss":174,"epss_history":177,"metrics":391,"affected":402},"CVE-2017-17405","Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":49,"platforms":50,"requires_auth":9,"exploitdb":52,"metasploit":9},"43381","Ruby \u003C 2.2.8 / \u003C 2.3.5 / \u003C 2.4.2 / \u003C 2.5.0-preview1 - 'NET::Ftp' Command Injection","exploit-database","https://www.exploit-db.com/exploits/43381","poc",0.5,false,"local",[51],"ruby",{"verified":48,"type":49,"platform":51,"file":53,"codes":54},"exploits/ruby/local/43381.md",[7],[],[],[58,60,62,64,66,68,70,72,74,76,78,80,82,84],{"_key":59},"ALPINE-CVE-2017-17405",{"_key":61},"SUSE-SU-2020:1570-1",{"_key":63},"DLA-1221-1",{"_key":65},"DLA-1222-1",{"_key":67},"DLA-1421-1",{"_key":69},"DSA-4259-1",{"_key":71},"MGASA-2017-0486",{"_key":73},"UBUNTU-CVE-2017-17405",{"_key":75},"USN-3515-1",{"_key":77},"RHSA-2018:0584",{"_key":79},"RHSA-2019:2806",{"_key":81},"RHSA-2018:0378",{"_key":83},"RHSA-2018:0583",{"_key":85},"RHSA-2018:0585",[],[88,89],{"_key":61},{"_key":71},"2017-12-15T09:00:00.000Z","2024-08-05T20:51:31.364Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":94,"epss_score":95,"severity":96,"severity_score":97,"severity_version":98,"severity_source":99,"severity_vector":100,"severity_status":92},"critical",0.88646,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[102,110,116,120,126,131,136,142,146,152,156,160,164,169],{"url":103,"sources":104,"tags":106},"https://access.redhat.com/errata/RHSA-2018:0585",[105,99],"cve.org",[107,108,109],"Vendor Advisory","X Refsource REDHAT","Third Party Advisory",{"url":111,"sources":112,"tags":113},"https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html",[105,99],[114,115,109],"Mailing List","X Refsource MLIST",{"url":117,"sources":118,"tags":119},"https://access.redhat.com/errata/RHSA-2018:0378",[105,99],[107,108,109],{"url":121,"sources":122,"tags":123},"http://www.securityfocus.com/bid/102204",[105,99],[124,125,109],"VDB Entry","X Refsource BID",{"url":127,"sources":128,"tags":129},"http://www.securitytracker.com/id/1042004",[105,99],[124,130,109],"X Refsource SECTRACK",{"url":132,"sources":133,"tags":134},"https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/",[105,99],[135,107],"X Refsource CONFIRM",{"url":137,"sources":138,"tags":139},"https://www.exploit-db.com/exploits/43381/",[105,99],[140,141,109,124],"Exploit","X Refsource EXPLOIT DB",{"url":143,"sources":144,"tags":145},"https://access.redhat.com/errata/RHSA-2018:0584",[105,99],[107,108,109],{"url":147,"sources":148,"tags":149},"https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/",[105,99],[135,150,151,107],"Patch","Release Notes",{"url":153,"sources":154,"tags":155},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[105,99],[114,115,109],{"url":157,"sources":158,"tags":159},"https://access.redhat.com/errata/RHSA-2018:0583",[105,99],[107,108,109],{"url":161,"sources":162,"tags":163},"https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html",[105,99],[114,115,109],{"url":165,"sources":166,"tags":167},"https://www.debian.org/security/2018/dsa-4259",[105,99],[107,168,109],"X Refsource DEBIAN",{"url":170,"sources":171,"tags":172},"https://access.redhat.com/errata/RHSA-2019:2806",[105,99],[107,108],[],{"date":175,"score":95,"percentile":176},"2026-06-04",0.99525,[178,181,183,186,188,191,193,195,197,199,201,203,205,207,209,212,215,217,220,222,225,227,229,232,234,236,238,240,244,247,250,252,254,256,258,261,263,266,269,271,273,275,277,279,282,285,287,289,292,295,297,299,301,303,307,309,311,313,315,318,320,323,325,327,329,331,333,335,337,339,342,344,347,350,352,355,358,360,362,364,367,370,373,375,377,379,381,383,385,388],{"date":179,"score":95,"percentile":180},"2025-11-04",0.99474,{"date":182,"score":95,"percentile":180},"2025-11-05",{"date":184,"score":95,"percentile":185},"2025-11-06",0.99475,{"date":187,"score":95,"percentile":185},"2025-11-07",{"date":189,"score":95,"percentile":190},"2025-11-08",0.99473,{"date":192,"score":95,"percentile":190},"2025-11-09",{"date":194,"score":95,"percentile":190},"2025-11-10",{"date":196,"score":95,"percentile":190},"2025-11-11",{"date":198,"score":95,"percentile":190},"2025-11-12",{"date":200,"score":95,"percentile":180},"2025-11-13",{"date":202,"score":95,"percentile":180},"2025-11-14",{"date":204,"score":95,"percentile":180},"2025-11-15",{"date":206,"score":95,"percentile":190},"2025-11-16",{"date":208,"score":95,"percentile":190},"2025-11-17",{"date":210,"score":95,"percentile":211},"2025-11-18",0.99595,{"date":213,"score":95,"percentile":214},"2025-11-19",0.99596,{"date":216,"score":95,"percentile":214},"2025-11-20",{"date":218,"score":95,"percentile":219},"2025-11-21",0.9947,{"date":221,"score":95,"percentile":219},"2025-11-22",{"date":223,"score":95,"percentile":224},"2025-11-23",0.99471,{"date":226,"score":95,"percentile":224},"2025-11-24",{"date":228,"score":95,"percentile":224},"2025-11-25",{"date":230,"score":95,"percentile":231},"2025-11-26",0.99472,{"date":233,"score":95,"percentile":231},"2025-11-27",{"date":235,"score":95,"percentile":190},"2025-11-28",{"date":237,"score":95,"percentile":180},"2025-11-29",{"date":239,"score":95,"percentile":180},"2025-11-30",{"date":241,"score":242,"percentile":243},"2025-12-01",0.86835,0.99402,{"date":245,"score":242,"percentile":246},"2025-12-02",0.99401,{"date":248,"score":242,"percentile":249},"2025-12-03",0.994,{"date":251,"score":95,"percentile":180},"2025-12-04",{"date":253,"score":95,"percentile":180},"2025-12-05",{"date":255,"score":95,"percentile":180},"2025-12-06",{"date":257,"score":95,"percentile":180},"2025-12-07",{"date":259,"score":95,"percentile":260},"2025-12-08",0.99476,{"date":262,"score":95,"percentile":260},"2025-12-09",{"date":264,"score":95,"percentile":265},"2025-12-10",0.99477,{"date":267,"score":95,"percentile":268},"2025-12-11",0.99478,{"date":270,"score":95,"percentile":268},"2025-12-12",{"date":272,"score":95,"percentile":268},"2025-12-13",{"date":274,"score":95,"percentile":268},"2025-12-14",{"date":276,"score":95,"percentile":268},"2025-12-15",{"date":278,"score":95,"percentile":268},"2025-12-16",{"date":280,"score":95,"percentile":281},"2025-12-17",0.99479,{"date":283,"score":95,"percentile":284},"2025-12-18",0.9948,{"date":286,"score":95,"percentile":284},"2025-12-19",{"date":288,"score":95,"percentile":284},"2025-12-20",{"date":290,"score":95,"percentile":291},"2025-12-21",0.99481,{"date":293,"score":95,"percentile":294},"2025-12-22",0.99482,{"date":296,"score":95,"percentile":294},"2025-12-23",{"date":298,"score":95,"percentile":294},"2025-12-24",{"date":300,"score":95,"percentile":294},"2025-12-25",{"date":302,"score":95,"percentile":291},"2025-12-26",{"date":304,"score":305,"percentile":306},"2025-12-27",0.87547,0.99432,{"date":308,"score":95,"percentile":284},"2025-12-28",{"date":310,"score":95,"percentile":291},"2025-12-29",{"date":312,"score":95,"percentile":291},"2025-12-30",{"date":314,"score":95,"percentile":291},"2025-12-31",{"date":316,"score":242,"percentile":317},"2026-01-01",0.99413,{"date":319,"score":242,"percentile":317},"2026-01-02",{"date":321,"score":242,"percentile":322},"2026-01-03",0.99414,{"date":324,"score":95,"percentile":291},"2026-01-04",{"date":326,"score":95,"percentile":291},"2026-01-05",{"date":328,"score":95,"percentile":291},"2026-01-06",{"date":330,"score":95,"percentile":294},"2026-01-07",{"date":332,"score":95,"percentile":294},"2026-01-08",{"date":334,"score":95,"percentile":294},"2026-01-09",{"date":336,"score":95,"percentile":294},"2026-01-10",{"date":338,"score":95,"percentile":294},"2026-01-11",{"date":340,"score":95,"percentile":341},"2026-01-12",0.99483,{"date":343,"score":95,"percentile":341},"2026-01-13",{"date":345,"score":95,"percentile":346},"2026-01-14",0.99484,{"date":348,"score":95,"percentile":349},"2026-01-15",0.99485,{"date":351,"score":95,"percentile":349},"2026-01-16",{"date":353,"score":95,"percentile":354},"2026-01-17",0.99487,{"date":356,"score":95,"percentile":357},"2026-01-18",0.99486,{"date":359,"score":95,"percentile":357},"2026-01-19",{"date":361,"score":95,"percentile":354},"2026-01-20",{"date":363,"score":95,"percentile":354},"2026-01-21",{"date":365,"score":95,"percentile":366},"2026-01-22",0.99488,{"date":368,"score":95,"percentile":369},"2026-01-23",0.99489,{"date":371,"score":95,"percentile":372},"2026-01-24",0.9949,{"date":374,"score":95,"percentile":372},"2026-01-25",{"date":376,"score":95,"percentile":369},"2026-01-26",{"date":378,"score":95,"percentile":372},"2026-01-27",{"date":380,"score":95,"percentile":372},"2026-01-28",{"date":382,"score":95,"percentile":372},"2026-01-29",{"date":384,"score":95,"percentile":372},"2026-01-30",{"date":386,"score":95,"percentile":387},"2026-01-31",0.99491,{"date":389,"score":242,"percentile":390},"2026-02-01",0.99421,[392],{"source":99,"cvss_v2_0":393,"cvss_v3_0":396,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":97,"baseSeverity":9,"vectorString":100,"impactScore":394,"exploitabilityScore":395},10,8.6,{"baseScore":397,"baseSeverity":398,"vectorString":399,"impactScore":400,"exploitabilityScore":401},8.8,"HIGH","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,7.2,[403,416,422,427,435,443,449,454],{"ecosystem":9,"name":404,"vendor":405,"product":406,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":408},"debian linux","debian","debian_linux","o",[409,412,414],{"version":410,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":413,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":415,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":417,"vendor":418,"product":419,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":420},"enterprise linux desktop","redhat","enterprise_linux_desktop",[421],{"version":410,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":423,"vendor":418,"product":424,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"enterprise linux server","enterprise_linux_server",[426],{"version":410,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":428,"vendor":418,"product":429,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":430},"enterprise linux server aus","enterprise_linux_server_aus",[431,433],{"version":432,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"version":434,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.6",{"ecosystem":9,"name":436,"vendor":418,"product":437,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":438},"enterprise linux server eus","enterprise_linux_server_eus",[439,440,442],{"version":432,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":441,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"version":434,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":444,"vendor":418,"product":445,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":446},"enterprise linux server tus","enterprise_linux_server_tus",[447,448],{"version":432,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":434,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":450,"vendor":418,"product":451,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"enterprise linux workstation","enterprise_linux_workstation",[453],{"version":410,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":51,"vendor":455,"product":51,"cpe_part":456,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":457},"ruby-lang","a",[458,464,468,472],{"version":459,"is_range":460,"range_type":411,"version_start":461,"version_start_type":462,"version_end":463,"version_end_type":462,"fixed_in":9},"gte2.2_lte2.2.8",true,"2.2","including","2.2.8",{"version":465,"is_range":460,"range_type":411,"version_start":466,"version_start_type":462,"version_end":467,"version_end_type":462,"fixed_in":9},"gte2.3_lte2.3.5","2.3","2.3.5",{"version":469,"is_range":460,"range_type":411,"version_start":470,"version_start_type":462,"version_end":471,"version_end_type":462,"fixed_in":9},"gte2.4_lte2.4.2","2.4","2.4.2",{"version":473,"is_range":48,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.5.0:preview1"]