[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000074":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":73,"related":74,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":203,"epss":204,"epss_history":207,"metrics":473,"affected":486},"CVE-2018-1000074","RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[26],"GHSA-qj2w-mw2r-pv39",[],[29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71],{"_key":30},"SUSE-SU-2019:1804-1",{"_key":32},"SUSE-SU-2020:1570-1",{"_key":34},"OPENSUSE-SU-2019:1771-1",{"_key":36},"DLA-1352-1",{"_key":38},"DLA-1480-1",{"_key":40},"DLA-1796-1",{"_key":42},"DSA-4219-1",{"_key":44},"DSA-4259-1",{"_key":46},"MGASA-2020-0243",{"_key":48},"MGASA-2019-0062",{"_key":50},"RHSA-2018:3729",{"_key":52},"RHSA-2018:3730",{"_key":54},"RHSA-2018:3731",{"_key":56},"RHSA-2019:2028",{"_key":58},"RHSA-2020:0542",{"_key":60},"RHSA-2020:0591",{"_key":62},"RHSA-2020:0663",{"_key":64},"UBUNTU-CVE-2018-1000074",{"_key":66},"USN-3621-1",{"_key":68},"USN-3621-2",{"_key":70},"USN-3685-1",{"_key":72},"DEBIAN-CVE-2018-1000074",[],[75,76,77,78,79],{"_key":30},{"_key":32},{"_key":34},{"_key":48},{"_key":46},"2018-03-13T15:00:00.000Z","2024-08-05T12:33:49.164Z","Modified",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.00535,"high",7.8,"v3.0","nvd","CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[93,100,104,113,119,124,128,133,137,141,145,149,153,157,162,166,170,174,178,183,187,191,195,199],{"url":94,"sources":95,"tags":97},"https://usn.ubuntu.com/3685-1/",[96,90],"cve.org",[98,99],"Vendor Advisory","X Refsource UBUNTU",{"url":101,"sources":102,"tags":103},"https://usn.ubuntu.com/3621-2/",[96,90],[98,99],{"url":105,"sources":106,"tags":108},"https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d",[96,90,107],"osv_maven",[109,110,111,112],"X Refsource MISC","Patch","Third Party Advisory","WEB",{"url":114,"sources":115,"tags":116},"https://lists.debian.org/debian-lts-announce/2018/04/msg00017.html",[96,90,107],[117,118,112],"Mailing List","X Refsource MLIST",{"url":120,"sources":121,"tags":122},"https://www.debian.org/security/2018/dsa-4219",[96,90,107],[98,123,112],"X Refsource DEBIAN",{"url":125,"sources":126,"tags":127},"https://usn.ubuntu.com/3621-1/",[96,90],[98,99],{"url":129,"sources":130,"tags":131},"https://access.redhat.com/errata/RHSA-2018:3729",[96,90,107],[98,132,112],"X Refsource REDHAT",{"url":134,"sources":135,"tags":136},"https://access.redhat.com/errata/RHSA-2018:3730",[96,90,107],[98,132,112],{"url":138,"sources":139,"tags":140},"https://access.redhat.com/errata/RHSA-2018:3731",[96,90,107],[98,132,112],{"url":142,"sources":143,"tags":144},"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html",[96,90,107],[117,118,112],{"url":146,"sources":147,"tags":148},"https://www.debian.org/security/2018/dsa-4259",[96,90,107],[98,123,112],{"url":150,"sources":151,"tags":152},"http://blog.rubygems.org/2018/02/15/2.7.6-released.html",[96,90,107],[109,98,112],{"url":154,"sources":155,"tags":156},"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html",[96,90,107],[117,118,112],{"url":158,"sources":159,"tags":160},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[96,90,107],[98,161,112],"X Refsource SUSE",{"url":163,"sources":164,"tags":165},"https://access.redhat.com/errata/RHSA-2019:2028",[96,90,107],[98,132,112],{"url":167,"sources":168,"tags":169},"https://access.redhat.com/errata/RHSA-2020:0542",[96,90,107],[98,132,112],{"url":171,"sources":172,"tags":173},"https://access.redhat.com/errata/RHSA-2020:0591",[96,90,107],[98,132,112],{"url":175,"sources":176,"tags":177},"https://access.redhat.com/errata/RHSA-2020:0663",[96,90,107],[98,132,112],{"url":179,"sources":180,"tags":181},"https://nvd.nist.gov/vuln/detail/CVE-2018-1000074",[107],[182],"Advisory",{"url":184,"sources":185,"tags":186},"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7",[107],[112],{"url":188,"sources":189,"tags":190},"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183",[107],[112],{"url":192,"sources":193,"tags":194},"https://usn.ubuntu.com/3685-1",[107],[112],{"url":196,"sources":197,"tags":198},"https://usn.ubuntu.com/3621-2",[107],[112],{"url":200,"sources":201,"tags":202},"https://usn.ubuntu.com/3621-1",[107],[112],[],{"date":205,"score":86,"percentile":206},"2026-06-04",0.67784,[208,212,215,218,221,223,226,229,231,234,237,240,243,245,248,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,311,314,317,320,323,326,329,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,441,444,447,450,453,456,458,461,464,467,470],{"date":209,"score":210,"percentile":211},"2025-11-04",0.00495,0.64891,{"date":213,"score":210,"percentile":214},"2025-11-05",0.6487,{"date":216,"score":210,"percentile":217},"2025-11-06",0.64865,{"date":219,"score":210,"percentile":220},"2025-11-07",0.64875,{"date":222,"score":210,"percentile":220},"2025-11-08",{"date":224,"score":210,"percentile":225},"2025-11-09",0.64866,{"date":227,"score":210,"percentile":228},"2025-11-10",0.64857,{"date":230,"score":210,"percentile":225},"2025-11-11",{"date":232,"score":210,"percentile":233},"2025-11-12",0.64888,{"date":235,"score":210,"percentile":236},"2025-11-13",0.64895,{"date":238,"score":210,"percentile":239},"2025-11-14",0.64904,{"date":241,"score":210,"percentile":242},"2025-11-15",0.649,{"date":244,"score":210,"percentile":211},"2025-11-16",{"date":246,"score":210,"percentile":247},"2025-11-17",0.64889,{"date":249,"score":250,"percentile":251},"2025-11-18",0.00721,0.70256,{"date":253,"score":250,"percentile":254},"2025-11-19",0.70263,{"date":256,"score":250,"percentile":257},"2025-11-20",0.70274,{"date":259,"score":210,"percentile":260},"2025-11-21",0.64907,{"date":262,"score":210,"percentile":263},"2025-11-22",0.64913,{"date":265,"score":210,"percentile":266},"2025-11-23",0.64897,{"date":268,"score":210,"percentile":269},"2025-11-24",0.64883,{"date":271,"score":210,"percentile":272},"2025-11-25",0.64885,{"date":274,"score":210,"percentile":275},"2025-11-26",0.64887,{"date":277,"score":210,"percentile":278},"2025-11-27",0.64892,{"date":280,"score":210,"percentile":281},"2025-11-28",0.64878,{"date":283,"score":210,"percentile":284},"2025-11-29",0.64854,{"date":286,"score":210,"percentile":287},"2025-11-30",0.64848,{"date":289,"score":210,"percentile":290},"2025-12-01",0.65009,{"date":292,"score":210,"percentile":293},"2025-12-02",0.65026,{"date":295,"score":210,"percentile":296},"2025-12-03",0.65027,{"date":298,"score":210,"percentile":299},"2025-12-04",0.64852,{"date":301,"score":210,"percentile":302},"2025-12-05",0.64868,{"date":304,"score":210,"percentile":305},"2025-12-06",0.64871,{"date":307,"score":210,"percentile":308},"2025-12-07",0.64869,{"date":310,"score":210,"percentile":220},"2025-12-08",{"date":312,"score":210,"percentile":313},"2025-12-09",0.64908,{"date":315,"score":210,"percentile":316},"2025-12-10",0.64954,{"date":318,"score":210,"percentile":319},"2025-12-11",0.64971,{"date":321,"score":210,"percentile":322},"2025-12-12",0.64989,{"date":324,"score":210,"percentile":325},"2025-12-13",0.64995,{"date":327,"score":210,"percentile":328},"2025-12-14",0.64994,{"date":330,"score":210,"percentile":322},"2025-12-15",{"date":332,"score":210,"percentile":333},"2025-12-16",0.65004,{"date":335,"score":210,"percentile":336},"2025-12-17",0.65016,{"date":338,"score":210,"percentile":339},"2025-12-18",0.65056,{"date":341,"score":210,"percentile":342},"2025-12-19",0.65071,{"date":344,"score":210,"percentile":345},"2025-12-20",0.65068,{"date":347,"score":210,"percentile":348},"2025-12-21",0.65058,{"date":350,"score":210,"percentile":351},"2025-12-22",0.65052,{"date":353,"score":210,"percentile":354},"2025-12-23",0.65054,{"date":356,"score":210,"percentile":357},"2025-12-24",0.6506,{"date":359,"score":210,"percentile":360},"2025-12-25",0.65086,{"date":362,"score":210,"percentile":363},"2025-12-26",0.65087,{"date":365,"score":210,"percentile":366},"2025-12-27",0.65136,{"date":368,"score":210,"percentile":369},"2025-12-28",0.65061,{"date":371,"score":210,"percentile":372},"2025-12-29",0.6505,{"date":374,"score":210,"percentile":375},"2025-12-30",0.65066,{"date":377,"score":210,"percentile":378},"2025-12-31",0.65091,{"date":380,"score":210,"percentile":381},"2026-01-01",0.65277,{"date":383,"score":210,"percentile":384},"2026-01-02",0.65263,{"date":386,"score":210,"percentile":387},"2026-01-03",0.65265,{"date":389,"score":210,"percentile":390},"2026-01-04",0.65092,{"date":392,"score":210,"percentile":393},"2026-01-05",0.65079,{"date":395,"score":210,"percentile":396},"2026-01-06",0.65077,{"date":398,"score":210,"percentile":399},"2026-01-07",0.65098,{"date":401,"score":210,"percentile":402},"2026-01-08",0.65116,{"date":404,"score":86,"percentile":405},"2026-01-09",0.66832,{"date":407,"score":86,"percentile":408},"2026-01-10",0.66835,{"date":410,"score":86,"percentile":411},"2026-01-11",0.66823,{"date":413,"score":86,"percentile":414},"2026-01-12",0.66807,{"date":416,"score":86,"percentile":417},"2026-01-13",0.66804,{"date":419,"score":86,"percentile":420},"2026-01-14",0.66837,{"date":422,"score":86,"percentile":423},"2026-01-15",0.66841,{"date":425,"score":86,"percentile":426},"2026-01-16",0.66856,{"date":428,"score":86,"percentile":429},"2026-01-17",0.66846,{"date":431,"score":86,"percentile":432},"2026-01-18",0.66829,{"date":434,"score":86,"percentile":435},"2026-01-19",0.6681,{"date":437,"score":86,"percentile":438},"2026-01-20",0.66825,{"date":440,"score":86,"percentile":420},"2026-01-21",{"date":442,"score":86,"percentile":443},"2026-01-22",0.66845,{"date":445,"score":86,"percentile":446},"2026-01-23",0.66874,{"date":448,"score":86,"percentile":449},"2026-01-24",0.66884,{"date":451,"score":86,"percentile":452},"2026-01-25",0.66852,{"date":454,"score":86,"percentile":455},"2026-01-26",0.66842,{"date":457,"score":86,"percentile":452},"2026-01-27",{"date":459,"score":86,"percentile":460},"2026-01-28",0.66862,{"date":462,"score":86,"percentile":463},"2026-01-29",0.66866,{"date":465,"score":86,"percentile":466},"2026-01-30",0.66878,{"date":468,"score":86,"percentile":469},"2026-01-31",0.66879,{"date":471,"score":86,"percentile":472},"2026-02-01",0.6703,[474,484],{"source":90,"cvss_v2_0":475,"cvss_v3_0":480,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":476,"baseSeverity":9,"vectorString":477,"impactScore":478,"exploitabilityScore":479},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":88,"baseSeverity":481,"vectorString":91,"impactScore":482,"exploitabilityScore":483},"HIGH",9.8,4.6,{"source":107,"cvss_v2_0":9,"cvss_v3_0":485,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":88,"baseSeverity":9,"vectorString":91,"impactScore":482,"exploitabilityScore":483},[487,498,508],{"ecosystem":488,"name":489,"vendor":488,"product":489,"cpe_part":9,"purl_type":490,"purl_namespace":9,"purl_name":489,"source":9,"versions":491},"RubyGems","rubygems-update","gem",[492],{"version":493,"is_range":494,"range_type":495,"version_start":9,"version_start_type":9,"version_end":496,"version_end_type":497,"fixed_in":9},"lt2_7_6",true,"ecosystem","2.7.6","excluding",{"ecosystem":499,"name":500,"vendor":501,"product":502,"cpe_part":9,"purl_type":503,"purl_namespace":501,"purl_name":502,"source":9,"versions":504},"Maven","org.jruby:jruby-stdlib","org.jruby","jruby-stdlib","maven",[505],{"version":506,"is_range":494,"range_type":495,"version_start":9,"version_start_type":9,"version_end":507,"version_end_type":497,"fixed_in":9},"lt9_1_16_0","9.1.16.0",{"ecosystem":9,"name":509,"vendor":509,"product":509,"cpe_part":510,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":511},"rubygems","a",[512,517,520,523],{"version":513,"is_range":494,"range_type":514,"version_start":9,"version_start_type":9,"version_end":515,"version_end_type":516,"fixed_in":9},"lte2.2.9","cpe","2.2.9","including",{"version":518,"is_range":494,"range_type":514,"version_start":9,"version_start_type":9,"version_end":519,"version_end_type":516,"fixed_in":9},"lte2.3.6","2.3.6",{"version":521,"is_range":494,"range_type":514,"version_start":9,"version_start_type":9,"version_end":522,"version_end_type":516,"fixed_in":9},"lte2.4.3","2.4.3",{"version":524,"is_range":494,"range_type":514,"version_start":9,"version_start_type":9,"version_end":525,"version_end_type":516,"fixed_in":9},"lte2.5.0","2.5.0"]