[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-17742":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":85,"aliases":86,"duplicate_of":9,"upstream":87,"downstream":88,"duplicates":135,"related":136,"reserved_at":9,"published_at":142,"modified_at":143,"state":144,"summary":145,"references_raw":154,"kevs":242,"epss":243,"epss_history":246,"metrics":508,"affected":518},"CVE-2017-17742","Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-113","Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')","The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.","weakness","Incomplete","Variant",[19,23,77,81],{"id":20,"name":21,"techniques":22},"CAPEC-105","HTTP Request Splitting",[],{"id":24,"name":25,"techniques":26},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[27],{"id":28,"name":29,"tactics":30,"countermeasures":34},"T1539","Steal Web Session Cookie",[31],{"id":32,"name":33},"TA0031","Credential Access",[35,40,45,49,54,59,63,67,72],{"id":36,"name":37,"tactic":38},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-CR","Credential Revocation",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-ANCI","Authentication Cache Invalidation",{"name":44},{"id":50,"name":51,"tactic":52},"D3-DUC","Decoy User Credential",{"name":53},"Deceive",{"id":55,"name":56,"tactic":57},"D3-CH","Credential Hardening",{"name":58},"Harden",{"id":60,"name":61,"tactic":62},"D3-MFA","Multi-factor Authentication",{"name":58},{"id":64,"name":65,"tactic":66},"D3-CRO","Credential Rotation",{"name":58},{"id":68,"name":69,"tactic":70},"D3-RIC","Reissue Credential",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CTS","Credential Transmission Scoping",{"name":76},"Isolate",{"id":78,"name":79,"techniques":80},"CAPEC-34","HTTP Response Splitting",[],{"id":82,"name":83,"techniques":84},"CAPEC-85","AJAX Footprinting",[],[],[],[],[89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133],{"_key":90},"ALPINE-CVE-2017-17742",{"_key":92},"RHSA-2020:1963",{"_key":94},"RHSA-2020:2212",{"_key":96},"RHSA-2020:2288",{"_key":98},"SUSE-SU-2019:1804-1",{"_key":100},"SUSE-SU-2020:1570-1",{"_key":102},"OPENSUSE-SU-2019:1771-1",{"_key":104},"DLA-1358-1",{"_key":106},"DLA-1359-1",{"_key":108},"DLA-1421-1",{"_key":110},"DLA-2027-1",{"_key":112},"DLA-2330-1",{"_key":114},"DLA-3408-1",{"_key":116},"DSA-4259-1",{"_key":118},"MGASA-2020-0440",{"_key":120},"MGASA-2018-0411",{"_key":122},"RHSA-2018:3729",{"_key":124},"RHSA-2018:3730",{"_key":126},"RHSA-2018:3731",{"_key":128},"RHSA-2019:2028",{"_key":130},"USN-3685-1",{"_key":132},"DEBIAN-CVE-2017-17742",{"_key":134},"UBUNTU-CVE-2017-17742",[],[137,138,139,140,141],{"_key":98},{"_key":100},{"_key":102},{"_key":120},{"_key":118},"2018-04-03T00:00:00.000Z","2024-08-05T20:59:17.715Z","Modified",{"cisa_kev":146,"cisa_ransomware":146,"cisa_vendor":9,"epss_severity":147,"epss_score":148,"severity":149,"severity_score":150,"severity_version":151,"severity_source":152,"severity_vector":153,"severity_status":144},false,"low",0.01152,"medium",5.3,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[155,161,167,173,177,181,185,190,194,198,202,206,210,214,218,222,226,230,234,238],{"url":156,"sources":157,"tags":159},"https://usn.ubuntu.com/3685-1/",[158,152],"cve.org",[160],"Vendor Advisory",{"url":162,"sources":163,"tags":164},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",[158,152],[165,166],"Patch","Release Notes",{"url":168,"sources":169,"tags":170},"http://www.securityfocus.com/bid/103684",[158,152],[171,172],"VDB Entry","Third Party Advisory",{"url":174,"sources":175,"tags":176},"https://access.redhat.com/errata/RHSA-2018:3729",[158,152],[160],{"url":178,"sources":179,"tags":180},"http://www.securitytracker.com/id/1042004",[158,152],[171],{"url":182,"sources":183,"tags":184},"https://access.redhat.com/errata/RHSA-2018:3730",[158,152],[160],{"url":186,"sources":187,"tags":188},"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html",[158,152],[189,172],"Mailing List",{"url":191,"sources":192,"tags":193},"https://access.redhat.com/errata/RHSA-2018:3731",[158,152],[160],{"url":195,"sources":196,"tags":197},"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/",[158,152],[160],{"url":199,"sources":200,"tags":201},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",[158,152],[165,166],{"url":203,"sources":204,"tags":205},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[158,152],[189],{"url":207,"sources":208,"tags":209},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",[158,152],[165,166],{"url":211,"sources":212,"tags":213},"https://www.debian.org/security/2018/dsa-4259",[158,152],[160],{"url":215,"sources":216,"tags":217},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",[158,152],[165,166],{"url":219,"sources":220,"tags":221},"https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html",[158,152],[189,172],{"url":223,"sources":224,"tags":225},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[158,152],[160],{"url":227,"sources":228,"tags":229},"https://access.redhat.com/errata/RHSA-2019:2028",[158,152],[160],{"url":231,"sources":232,"tags":233},"https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html",[158,152],[189],{"url":235,"sources":236,"tags":237},"https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html",[158,152],[189],{"url":239,"sources":240,"tags":241},"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html",[158,152],[189],[],{"date":244,"score":148,"percentile":245},"2026-06-04",0.78846,[247,251,254,257,260,263,265,267,270,273,276,279,282,285,287,290,293,296,299,302,305,307,310,312,315,318,320,323,327,330,333,336,339,342,345,348,351,354,357,360,362,365,368,371,374,377,380,383,385,388,391,394,397,400,404,407,410,413,416,419,422,425,428,431,434,437,440,443,445,447,450,453,456,459,462,465,468,471,473,476,479,482,485,488,491,493,496,498,501,504],{"date":248,"score":249,"percentile":250},"2025-11-04",0.01067,0.76991,{"date":252,"score":249,"percentile":253},"2025-11-05",0.76992,{"date":255,"score":249,"percentile":256},"2025-11-06",0.76989,{"date":258,"score":249,"percentile":259},"2025-11-07",0.77003,{"date":261,"score":249,"percentile":262},"2025-11-08",0.77007,{"date":264,"score":249,"percentile":259},"2025-11-09",{"date":266,"score":249,"percentile":250},"2025-11-10",{"date":268,"score":249,"percentile":269},"2025-11-11",0.76993,{"date":271,"score":249,"percentile":272},"2025-11-12",0.77011,{"date":274,"score":249,"percentile":275},"2025-11-13",0.77019,{"date":277,"score":249,"percentile":278},"2025-11-14",0.77026,{"date":280,"score":249,"percentile":281},"2025-11-15",0.77022,{"date":283,"score":249,"percentile":284},"2025-11-16",0.7702,{"date":286,"score":249,"percentile":272},"2025-11-17",{"date":288,"score":249,"percentile":289},"2025-11-18",0.75824,{"date":291,"score":249,"percentile":292},"2025-11-19",0.7583,{"date":294,"score":249,"percentile":295},"2025-11-20",0.7584,{"date":297,"score":249,"percentile":298},"2025-11-21",0.77039,{"date":300,"score":249,"percentile":301},"2025-11-22",0.77038,{"date":303,"score":249,"percentile":304},"2025-11-23",0.77025,{"date":306,"score":249,"percentile":304},"2025-11-24",{"date":308,"score":249,"percentile":309},"2025-11-25",0.77032,{"date":311,"score":249,"percentile":301},"2025-11-26",{"date":313,"score":249,"percentile":314},"2025-11-27",0.7704,{"date":316,"score":249,"percentile":317},"2025-11-28",0.7703,{"date":319,"score":249,"percentile":301},"2025-11-29",{"date":321,"score":249,"percentile":322},"2025-11-30",0.77036,{"date":324,"score":325,"percentile":326},"2025-12-01",0.02176,0.83866,{"date":328,"score":325,"percentile":329},"2025-12-02",0.83868,{"date":331,"score":325,"percentile":332},"2025-12-03",0.83869,{"date":334,"score":249,"percentile":335},"2025-12-04",0.77033,{"date":337,"score":249,"percentile":338},"2025-12-05",0.77042,{"date":340,"score":249,"percentile":341},"2025-12-06",0.77046,{"date":343,"score":249,"percentile":344},"2025-12-07",0.77041,{"date":346,"score":249,"percentile":347},"2025-12-08",0.77047,{"date":349,"score":249,"percentile":350},"2025-12-09",0.77071,{"date":352,"score":249,"percentile":353},"2025-12-10",0.771,{"date":355,"score":249,"percentile":356},"2025-12-11",0.77116,{"date":358,"score":249,"percentile":359},"2025-12-12",0.77136,{"date":361,"score":249,"percentile":359},"2025-12-13",{"date":363,"score":249,"percentile":364},"2025-12-14",0.77133,{"date":366,"score":249,"percentile":367},"2025-12-15",0.77129,{"date":369,"score":249,"percentile":370},"2025-12-16",0.77141,{"date":372,"score":249,"percentile":373},"2025-12-17",0.77152,{"date":375,"score":249,"percentile":376},"2025-12-18",0.77168,{"date":378,"score":249,"percentile":379},"2025-12-19",0.7718,{"date":381,"score":249,"percentile":382},"2025-12-20",0.77174,{"date":384,"score":249,"percentile":376},"2025-12-21",{"date":386,"score":249,"percentile":387},"2025-12-22",0.77163,{"date":389,"score":249,"percentile":390},"2025-12-23",0.77166,{"date":392,"score":249,"percentile":393},"2025-12-24",0.77177,{"date":395,"score":249,"percentile":396},"2025-12-25",0.77195,{"date":398,"score":249,"percentile":399},"2025-12-26",0.77193,{"date":401,"score":402,"percentile":403},"2025-12-27",0.0093,0.75602,{"date":405,"score":249,"percentile":406},"2025-12-28",0.77179,{"date":408,"score":249,"percentile":409},"2025-12-29",0.77175,{"date":411,"score":249,"percentile":412},"2025-12-30",0.77183,{"date":414,"score":249,"percentile":415},"2025-12-31",0.77203,{"date":417,"score":325,"percentile":418},"2026-01-01",0.83956,{"date":420,"score":325,"percentile":421},"2026-01-02",0.83954,{"date":423,"score":325,"percentile":424},"2026-01-03",0.83949,{"date":426,"score":249,"percentile":427},"2026-01-04",0.77208,{"date":429,"score":249,"percentile":430},"2026-01-05",0.77201,{"date":432,"score":249,"percentile":433},"2026-01-06",0.77209,{"date":435,"score":249,"percentile":436},"2026-01-07",0.77217,{"date":438,"score":249,"percentile":439},"2026-01-08",0.77226,{"date":441,"score":249,"percentile":442},"2026-01-09",0.77233,{"date":444,"score":249,"percentile":442},"2026-01-10",{"date":446,"score":249,"percentile":439},"2026-01-11",{"date":448,"score":249,"percentile":449},"2026-01-12",0.77215,{"date":451,"score":249,"percentile":452},"2026-01-13",0.77213,{"date":454,"score":249,"percentile":455},"2026-01-14",0.77238,{"date":457,"score":249,"percentile":458},"2026-01-15",0.77241,{"date":460,"score":249,"percentile":461},"2026-01-16",0.7725,{"date":463,"score":249,"percentile":464},"2026-01-17",0.77252,{"date":466,"score":249,"percentile":467},"2026-01-18",0.77244,{"date":469,"score":249,"percentile":470},"2026-01-19",0.7724,{"date":472,"score":249,"percentile":442},"2026-01-20",{"date":474,"score":249,"percentile":475},"2026-01-21",0.77239,{"date":477,"score":249,"percentile":478},"2026-01-22",0.77245,{"date":480,"score":249,"percentile":481},"2026-01-23",0.77275,{"date":483,"score":249,"percentile":484},"2026-01-24",0.77286,{"date":486,"score":249,"percentile":487},"2026-01-25",0.77276,{"date":489,"score":249,"percentile":490},"2026-01-26",0.77274,{"date":492,"score":249,"percentile":487},"2026-01-27",{"date":494,"score":249,"percentile":495},"2026-01-28",0.77281,{"date":497,"score":249,"percentile":481},"2026-01-29",{"date":499,"score":148,"percentile":500},"2026-01-30",0.78094,{"date":502,"score":148,"percentile":503},"2026-01-31",0.78096,{"date":505,"score":506,"percentile":507},"2026-02-01",0.02345,0.84577,[509],{"source":152,"cvss_v2_0":510,"cvss_v3_0":515,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":511,"baseSeverity":9,"vectorString":512,"impactScore":513,"exploitabilityScore":514},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":150,"baseSeverity":516,"vectorString":153,"impactScore":517,"exploitabilityScore":514},"MEDIUM",2.3,[519,528],{"ecosystem":9,"name":520,"vendor":521,"product":522,"cpe_part":523,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":524},"debian linux","debian","debian_linux","o",[525],{"version":526,"is_range":146,"range_type":527,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"ecosystem":9,"name":529,"vendor":530,"product":529,"cpe_part":531,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":532},"ruby","ruby-lang","a",[533,540,544,548,552],{"version":534,"is_range":535,"range_type":527,"version_start":536,"version_start_type":537,"version_end":538,"version_end_type":539,"fixed_in":9},"gte2.2.0_lt2.2.10",true,"2.2.0","including","2.2.10","excluding",{"version":541,"is_range":535,"range_type":527,"version_start":542,"version_start_type":537,"version_end":543,"version_end_type":539,"fixed_in":9},"gte2.3.0_lt2.3.7","2.3.0","2.3.7",{"version":545,"is_range":535,"range_type":527,"version_start":546,"version_start_type":537,"version_end":547,"version_end_type":539,"fixed_in":9},"gte2.4.0_lt2.4.4","2.4.0","2.4.4",{"version":549,"is_range":535,"range_type":527,"version_start":550,"version_start_type":537,"version_end":551,"version_end_type":539,"fixed_in":9},"gte2.5.0_lt2.5.1","2.5.0","2.5.1",{"version":553,"is_range":146,"range_type":527,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.0:preview1"]