[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000073":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":196,"duplicate_of":9,"upstream":198,"downstream":199,"duplicates":236,"related":237,"reserved_at":9,"published_at":243,"modified_at":244,"state":245,"summary":246,"references_raw":255,"kevs":351,"epss":352,"epss_history":355,"metrics":614,"affected":626},"CVE-2018-1000073","RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[197],"GHSA-gx69-6cp4-hxrj",[],[200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234],{"_key":201},"SUSE-SU-2019:1804-1",{"_key":203},"SUSE-SU-2020:1570-1",{"_key":205},"OPENSUSE-SU-2019:1771-1",{"_key":207},"DLA-1480-1",{"_key":209},"DSA-4219-1",{"_key":211},"DSA-4259-1",{"_key":213},"MGASA-2020-0243",{"_key":215},"MGASA-2019-0062",{"_key":217},"RHSA-2018:3729",{"_key":219},"RHSA-2018:3730",{"_key":221},"RHSA-2018:3731",{"_key":223},"RHSA-2019:2028",{"_key":225},"RHSA-2020:0542",{"_key":227},"RHSA-2020:0591",{"_key":229},"RHSA-2020:0663",{"_key":231},"UBUNTU-CVE-2018-1000073",{"_key":233},"USN-3621-1",{"_key":235},"DEBIAN-CVE-2018-1000073",[],[238,239,240,241,242],{"_key":201},{"_key":203},{"_key":205},{"_key":215},{"_key":213},"2018-03-13T15:00:00.000Z","2024-08-05T12:33:49.113Z","Modified",{"cisa_kev":247,"cisa_ransomware":247,"cisa_vendor":9,"epss_severity":248,"epss_score":249,"severity":250,"severity_score":251,"severity_version":252,"severity_source":253,"severity_vector":254,"severity_status":245},false,"low",0.01057,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[256,265,270,275,279,283,290,296,300,304,309,313,317,321,325,330,334,338,342,347],{"url":257,"sources":258,"tags":261},"https://www.debian.org/security/2018/dsa-4219",[259,253,260],"cve.org","osv_maven",[262,263,264],"Vendor Advisory","X Refsource DEBIAN","WEB",{"url":266,"sources":267,"tags":268},"https://usn.ubuntu.com/3621-1/",[259,253],[262,269],"X Refsource UBUNTU",{"url":271,"sources":272,"tags":273},"https://access.redhat.com/errata/RHSA-2018:3729",[259,253,260],[262,274,264],"X Refsource REDHAT",{"url":276,"sources":277,"tags":278},"https://access.redhat.com/errata/RHSA-2018:3730",[259,253,260],[262,274,264],{"url":280,"sources":281,"tags":282},"https://access.redhat.com/errata/RHSA-2018:3731",[259,253,260],[262,274,264],{"url":284,"sources":285,"tags":286},"https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2",[259,253,260],[287,288,289,264],"X Refsource MISC","Patch","Third Party Advisory",{"url":291,"sources":292,"tags":293},"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html",[259,253,260],[294,295,264],"Mailing List","X Refsource MLIST",{"url":297,"sources":298,"tags":299},"https://www.debian.org/security/2018/dsa-4259",[259,253,260],[262,263,264],{"url":301,"sources":302,"tags":303},"http://blog.rubygems.org/2018/02/15/2.7.6-released.html",[259,253,260],[287,262,264],{"url":305,"sources":306,"tags":307},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[259,253,260],[262,308,264],"X Refsource SUSE",{"url":310,"sources":311,"tags":312},"https://access.redhat.com/errata/RHSA-2019:2028",[259,253,260],[262,274,264],{"url":314,"sources":315,"tags":316},"https://access.redhat.com/errata/RHSA-2020:0542",[259,253,260],[262,274,264],{"url":318,"sources":319,"tags":320},"https://access.redhat.com/errata/RHSA-2020:0591",[259,253,260],[262,274,264],{"url":322,"sources":323,"tags":324},"https://access.redhat.com/errata/RHSA-2020:0663",[259,253,260],[262,274,264],{"url":326,"sources":327,"tags":328},"https://nvd.nist.gov/vuln/detail/CVE-2018-1000073",[260],[329],"Advisory",{"url":331,"sources":332,"tags":333},"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7",[260],[264],{"url":335,"sources":336,"tags":337},"https://usn.ubuntu.com/3621-1",[260],[264],{"url":339,"sources":340,"tags":341},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml",[260],[264],{"url":343,"sources":344,"tags":345},"https://github.com/rubygems/rubygems",[260],[346],"PACKAGE",{"url":348,"sources":349,"tags":350},"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986",[260],[264],[],{"date":353,"score":249,"percentile":354},"2026-06-04",0.77954,[356,360,363,366,369,372,375,377,379,382,385,388,391,394,397,401,404,407,410,412,415,418,421,424,427,430,433,436,439,442,445,447,449,451,453,456,459,462,465,468,471,474,477,480,483,486,489,492,495,497,500,503,506,509,512,515,518,521,524,527,530,532,535,538,541,544,547,550,553,556,559,562,565,568,571,574,577,580,582,584,587,590,593,596,599,601,604,606,608,611],{"date":357,"score":358,"percentile":359},"2025-11-04",0.0098,0.76025,{"date":361,"score":358,"percentile":362},"2025-11-05",0.76024,{"date":364,"score":358,"percentile":365},"2025-11-06",0.7602,{"date":367,"score":358,"percentile":368},"2025-11-07",0.76036,{"date":370,"score":358,"percentile":371},"2025-11-08",0.7604,{"date":373,"score":358,"percentile":374},"2025-11-09",0.76037,{"date":376,"score":358,"percentile":362},"2025-11-10",{"date":378,"score":358,"percentile":359},"2025-11-11",{"date":380,"score":358,"percentile":381},"2025-11-12",0.76044,{"date":383,"score":358,"percentile":384},"2025-11-13",0.76051,{"date":386,"score":358,"percentile":387},"2025-11-14",0.76057,{"date":389,"score":358,"percentile":390},"2025-11-15",0.76053,{"date":392,"score":358,"percentile":393},"2025-11-16",0.76054,{"date":395,"score":358,"percentile":396},"2025-11-17",0.76045,{"date":398,"score":399,"percentile":400},"2025-11-18",0.01339,0.78299,{"date":402,"score":399,"percentile":403},"2025-11-19",0.78308,{"date":405,"score":399,"percentile":406},"2025-11-20",0.78315,{"date":408,"score":358,"percentile":409},"2025-11-21",0.7607,{"date":411,"score":358,"percentile":409},"2025-11-22",{"date":413,"score":358,"percentile":414},"2025-11-23",0.76056,{"date":416,"score":358,"percentile":417},"2025-11-24",0.76058,{"date":419,"score":358,"percentile":420},"2025-11-25",0.76065,{"date":422,"score":358,"percentile":423},"2025-11-26",0.76071,{"date":425,"score":358,"percentile":426},"2025-11-27",0.76073,{"date":428,"score":358,"percentile":429},"2025-11-28",0.76061,{"date":431,"score":358,"percentile":432},"2025-11-29",0.76066,{"date":434,"score":358,"percentile":435},"2025-11-30",0.76064,{"date":437,"score":358,"percentile":438},"2025-12-01",0.7619,{"date":440,"score":358,"percentile":441},"2025-12-02",0.76194,{"date":443,"score":358,"percentile":444},"2025-12-03",0.76183,{"date":446,"score":358,"percentile":414},"2025-12-04",{"date":448,"score":358,"percentile":420},"2025-12-05",{"date":450,"score":358,"percentile":409},"2025-12-06",{"date":452,"score":358,"percentile":435},"2025-12-07",{"date":454,"score":358,"percentile":455},"2025-12-08",0.76068,{"date":457,"score":358,"percentile":458},"2025-12-09",0.76093,{"date":460,"score":358,"percentile":461},"2025-12-10",0.76118,{"date":463,"score":358,"percentile":464},"2025-12-11",0.76137,{"date":466,"score":358,"percentile":467},"2025-12-12",0.7616,{"date":469,"score":358,"percentile":470},"2025-12-13",0.76163,{"date":472,"score":358,"percentile":473},"2025-12-14",0.76159,{"date":475,"score":358,"percentile":476},"2025-12-15",0.76156,{"date":478,"score":358,"percentile":479},"2025-12-16",0.76167,{"date":481,"score":358,"percentile":482},"2025-12-17",0.76179,{"date":484,"score":358,"percentile":485},"2025-12-18",0.76193,{"date":487,"score":358,"percentile":488},"2025-12-19",0.76208,{"date":490,"score":358,"percentile":491},"2025-12-20",0.76201,{"date":493,"score":358,"percentile":494},"2025-12-21",0.76197,{"date":496,"score":358,"percentile":441},"2025-12-22",{"date":498,"score":358,"percentile":499},"2025-12-23",0.76191,{"date":501,"score":358,"percentile":502},"2025-12-24",0.76202,{"date":504,"score":358,"percentile":505},"2025-12-25",0.76223,{"date":507,"score":358,"percentile":508},"2025-12-26",0.76221,{"date":510,"score":358,"percentile":511},"2025-12-27",0.76276,{"date":513,"score":358,"percentile":514},"2025-12-28",0.76204,{"date":516,"score":358,"percentile":517},"2025-12-29",0.762,{"date":519,"score":358,"percentile":520},"2025-12-30",0.76211,{"date":522,"score":358,"percentile":523},"2025-12-31",0.76233,{"date":525,"score":358,"percentile":526},"2026-01-01",0.7637,{"date":528,"score":358,"percentile":529},"2026-01-02",0.76375,{"date":531,"score":358,"percentile":529},"2026-01-03",{"date":533,"score":358,"percentile":534},"2026-01-04",0.76244,{"date":536,"score":358,"percentile":537},"2026-01-05",0.76234,{"date":539,"score":358,"percentile":540},"2026-01-06",0.76245,{"date":542,"score":358,"percentile":543},"2026-01-07",0.76256,{"date":545,"score":358,"percentile":546},"2026-01-08",0.76265,{"date":548,"score":249,"percentile":549},"2026-01-09",0.77144,{"date":551,"score":249,"percentile":552},"2026-01-10",0.77143,{"date":554,"score":249,"percentile":555},"2026-01-11",0.77137,{"date":557,"score":249,"percentile":558},"2026-01-12",0.77126,{"date":560,"score":249,"percentile":561},"2026-01-13",0.77123,{"date":563,"score":249,"percentile":564},"2026-01-14",0.77147,{"date":566,"score":249,"percentile":567},"2026-01-15",0.7715,{"date":569,"score":249,"percentile":570},"2026-01-16",0.77159,{"date":572,"score":249,"percentile":573},"2026-01-17",0.77161,{"date":575,"score":249,"percentile":576},"2026-01-18",0.77153,{"date":578,"score":249,"percentile":579},"2026-01-19",0.77149,{"date":581,"score":249,"percentile":552},"2026-01-20",{"date":583,"score":249,"percentile":567},"2026-01-21",{"date":585,"score":249,"percentile":586},"2026-01-22",0.77155,{"date":588,"score":249,"percentile":589},"2026-01-23",0.77186,{"date":591,"score":249,"percentile":592},"2026-01-24",0.77197,{"date":594,"score":249,"percentile":595},"2026-01-25",0.77188,{"date":597,"score":249,"percentile":598},"2026-01-26",0.77185,{"date":600,"score":249,"percentile":595},"2026-01-27",{"date":602,"score":249,"percentile":603},"2026-01-28",0.77193,{"date":605,"score":249,"percentile":589},"2026-01-29",{"date":607,"score":249,"percentile":603},"2026-01-30",{"date":609,"score":249,"percentile":610},"2026-01-31",0.77192,{"date":612,"score":249,"percentile":613},"2026-02-01",0.77306,[615,624],{"source":253,"cvss_v2_0":616,"cvss_v3_0":621,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":617,"baseSeverity":9,"vectorString":618,"impactScore":619,"exploitabilityScore":620},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":251,"baseSeverity":622,"vectorString":254,"impactScore":623,"exploitabilityScore":620},"HIGH",6,{"source":260,"cvss_v2_0":9,"cvss_v3_0":625,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":251,"baseSeverity":9,"vectorString":254,"impactScore":623,"exploitabilityScore":620},[627,638,648],{"ecosystem":628,"name":629,"vendor":628,"product":629,"cpe_part":9,"purl_type":630,"purl_namespace":9,"purl_name":629,"source":9,"versions":631},"RubyGems","rubygems-update","gem",[632],{"version":633,"is_range":634,"range_type":635,"version_start":9,"version_start_type":9,"version_end":636,"version_end_type":637,"fixed_in":9},"lt2_7_6",true,"ecosystem","2.7.6","excluding",{"ecosystem":639,"name":640,"vendor":641,"product":642,"cpe_part":9,"purl_type":643,"purl_namespace":641,"purl_name":642,"source":9,"versions":644},"Maven","org.jruby:jruby-stdlib","org.jruby","jruby-stdlib","maven",[645],{"version":646,"is_range":634,"range_type":635,"version_start":9,"version_start_type":9,"version_end":647,"version_end_type":637,"fixed_in":9},"lt9_1_16_0","9.1.16.0",{"ecosystem":9,"name":649,"vendor":649,"product":649,"cpe_part":650,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":651},"rubygems","a",[652,657,660,663],{"version":653,"is_range":634,"range_type":654,"version_start":9,"version_start_type":9,"version_end":655,"version_end_type":656,"fixed_in":9},"lte2.2.9","cpe","2.2.9","including",{"version":658,"is_range":634,"range_type":654,"version_start":9,"version_start_type":9,"version_end":659,"version_end_type":656,"fixed_in":9},"lte2.3.6","2.3.6",{"version":661,"is_range":634,"range_type":654,"version_start":9,"version_start_type":9,"version_end":662,"version_end_type":656,"fixed_in":9},"lte2.4.3","2.4.3",{"version":664,"is_range":634,"range_type":654,"version_start":9,"version_start_type":9,"version_end":665,"version_end_type":656,"fixed_in":9},"lte2.5.0","2.5.0"]