[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000119":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":37,"related":38,"reserved_at":9,"published_at":39,"modified_at":40,"state":41,"summary":42,"references_raw":51,"kevs":76,"epss":77,"epss_history":80,"metrics":343,"affected":354},"CVE-2018-1000119","Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-203","Observable Discrepancy","The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-189","Black Box Reverse Engineering",[],[],[],[],[27,29,31,33,35],{"_key":28},"RHSA-2018:1060",{"_key":30},"UBUNTU-CVE-2018-1000119",{"_key":32},"DSA-4247-1",{"_key":34},"RHSA-2020:4366",{"_key":36},"RHSA-2021:1313",[],[],"2018-03-07T14:00:00.000Z","2024-08-05T12:33:49.338Z","Modified",{"cisa_kev":43,"cisa_ransomware":43,"cisa_vendor":9,"epss_severity":44,"epss_score":45,"severity":46,"severity_score":47,"severity_version":48,"severity_source":49,"severity_vector":50,"severity_status":41},false,"low",0.00403,"medium",5.9,"v3.0","nvd","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",[52,60,66,71],{"url":53,"sources":54,"tags":56},"https://github.com/sinatra/rack-protection/pull/98",[55,49],"cve.org",[57,58,59],"X Refsource CONFIRM","Issue Tracking","Third Party 
Advisory",{"url":61,"sources":62,"tags":63},"https://access.redhat.com/errata/RHSA-2018:1060",[55,49],[64,65,59],"Vendor Advisory","X Refsource REDHAT",{"url":67,"sources":68,"tags":69},"https://www.debian.org/security/2018/dsa-4247",[55,49],[64,70],"X Refsource DEBIAN",{"url":72,"sources":73,"tags":74},"https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109",[55,49],[57,58,75,59],"Patch",[],{"date":78,"score":45,"percentile":79},"2026-06-04",0.61156,[81,85,88,91,94,97,100,103,106,109,112,115,118,121,124,128,131,134,137,140,143,146,148,151,154,156,159,162,165,168,171,174,176,179,182,184,187,190,193,196,199,202,205,207,210,213,216,219,222,225,228,231,234,237,240,243,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,295,298,300,302,305,308,311,314,317,320,323,325,328,331,334,337,340],{"date":82,"score":83,"percentile":84},"2025-11-04",0.00427,0.61629,{"date":86,"score":83,"percentile":87},"2025-11-05",0.61617,{"date":89,"score":83,"percentile":90},"2025-11-06",0.61623,{"date":92,"score":83,"percentile":93},"2025-11-07",0.6164,{"date":95,"score":83,"percentile":96},"2025-11-08",0.61645,{"date":98,"score":83,"percentile":99},"2025-11-09",0.61641,{"date":101,"score":83,"percentile":102},"2025-11-10",0.61622,{"date":104,"score":83,"percentile":105},"2025-11-11",0.61636,{"date":107,"score":83,"percentile":108},"2025-11-12",0.6166,{"date":110,"score":83,"percentile":111},"2025-11-13",0.61667,{"date":113,"score":83,"percentile":114},"2025-11-14",0.61676,{"date":116,"score":83,"percentile":117},"2025-11-15",0.61669,{"date":119,"score":83,"percentile":120},"2025-11-16",0.61659,{"date":122,"score":83,"percentile":123},"2025-11-17",0.61661,{"date":125,"score":126,"percentile":127},"2025-11-18",0.00338,0.5361,{"date":129,"score":126,"percentile":130},"2025-11-19",0.53624,{"date":132,"score":126,"percentile":133},"2025-11-20",0.53611,{"date":135,"score":83,"percentile":136},"2025-11-21",0.61668,{"date":138,"score
":83,"percentile":139},"2025-11-22",0.61674,{"date":141,"score":83,"percentile":142},"2025-11-23",0.61656,{"date":144,"score":83,"percentile":145},"2025-11-24",0.61649,{"date":147,"score":83,"percentile":142},"2025-11-25",{"date":149,"score":83,"percentile":150},"2025-11-26",0.61657,{"date":152,"score":83,"percentile":153},"2025-11-27",0.61664,{"date":155,"score":83,"percentile":96},"2025-11-28",{"date":157,"score":83,"percentile":158},"2025-11-29",0.61621,{"date":160,"score":83,"percentile":161},"2025-11-30",0.61613,{"date":163,"score":83,"percentile":164},"2025-12-01",0.61763,{"date":166,"score":83,"percentile":167},"2025-12-02",0.61779,{"date":169,"score":83,"percentile":170},"2025-12-03",0.61782,{"date":172,"score":83,"percentile":173},"2025-12-04",0.61612,{"date":175,"score":83,"percentile":102},"2025-12-05",{"date":177,"score":83,"percentile":178},"2025-12-06",0.6162,{"date":180,"score":83,"percentile":181},"2025-12-07",0.61615,{"date":183,"score":83,"percentile":178},"2025-12-08",{"date":185,"score":83,"percentile":186},"2025-12-09",0.61658,{"date":188,"score":83,"percentile":189},"2025-12-10",0.61706,{"date":191,"score":83,"percentile":192},"2025-12-11",0.61725,{"date":194,"score":83,"percentile":195},"2025-12-12",0.61748,{"date":197,"score":83,"percentile":198},"2025-12-13",0.61754,{"date":200,"score":83,"percentile":201},"2025-12-14",0.61753,{"date":203,"score":83,"percentile":204},"2025-12-15",0.61735,{"date":206,"score":83,"percentile":198},"2025-12-16",{"date":208,"score":83,"percentile":209},"2025-12-17",0.6177,{"date":211,"score":83,"percentile":212},"2025-12-18",0.61806,{"date":214,"score":83,"percentile":215},"2025-12-19",0.61818,{"date":217,"score":83,"percentile":218},"2025-12-20",0.61819,{"date":220,"score":83,"percentile":221},"2025-12-21",0.61808,{"date":223,"score":83,"percentile":224},"2025-12-22",0.61799,{"date":226,"score":83,"percentile":227},"2025-12-23",0.61817,{"date":229,"score":83,"percentile":230},"2025-12-24",0.61824,{"date":232,"sc
ore":83,"percentile":233},"2025-12-25",0.61855,{"date":235,"score":83,"percentile":236},"2025-12-26",0.6185,{"date":238,"score":83,"percentile":239},"2025-12-27",0.61898,{"date":241,"score":83,"percentile":242},"2025-12-28",0.61826,{"date":244,"score":83,"percentile":230},"2025-12-29",{"date":246,"score":83,"percentile":247},"2025-12-30",0.61842,{"date":249,"score":83,"percentile":250},"2025-12-31",0.61864,{"date":252,"score":83,"percentile":253},"2026-01-01",0.62047,{"date":255,"score":83,"percentile":256},"2026-01-02",0.62034,{"date":258,"score":83,"percentile":259},"2026-01-03",0.62031,{"date":261,"score":83,"percentile":262},"2026-01-04",0.61837,{"date":264,"score":83,"percentile":265},"2026-01-05",0.61828,{"date":267,"score":83,"percentile":268},"2026-01-06",0.61836,{"date":270,"score":83,"percentile":271},"2026-01-07",0.61856,{"date":273,"score":83,"percentile":274},"2026-01-08",0.61881,{"date":276,"score":83,"percentile":277},"2026-01-09",0.61883,{"date":279,"score":83,"percentile":280},"2026-01-10",0.61876,{"date":282,"score":83,"percentile":283},"2026-01-11",0.61862,{"date":285,"score":83,"percentile":286},"2026-01-12",0.61834,{"date":288,"score":83,"percentile":289},"2026-01-13",0.61814,{"date":291,"score":83,"percentile":292},"2026-01-14",0.61854,{"date":294,"score":83,"percentile":292},"2026-01-15",{"date":296,"score":83,"percentile":297},"2026-01-16",0.61871,{"date":299,"score":83,"percentile":250},"2026-01-17",{"date":301,"score":83,"percentile":283},"2026-01-18",{"date":303,"score":83,"percentile":304},"2026-01-19",0.61844,{"date":306,"score":83,"percentile":307},"2026-01-20",0.61859,{"date":309,"score":83,"percentile":310},"2026-01-21",0.61861,{"date":312,"score":83,"percentile":313},"2026-01-22",0.61866,{"date":315,"score":83,"percentile":316},"2026-01-23",0.61902,{"date":318,"score":83,"percentile":319},"2026-01-24",0.61906,{"date":321,"score":83,"percentile":322},"2026-01-25",0.61869,{"date":324,"score":83,"percentile":307},"2026-01-26",{"date":32
6,"score":83,"percentile":327},"2026-01-27",0.61863,{"date":329,"score":83,"percentile":330},"2026-01-28",0.61872,{"date":332,"score":83,"percentile":333},"2026-01-29",0.61873,{"date":335,"score":83,"percentile":336},"2026-01-30",0.61879,{"date":338,"score":83,"percentile":339},"2026-01-31",0.61885,{"date":341,"score":83,"percentile":342},"2026-02-01",0.6202,[344],{"source":49,"cvss_v2_0":345,"cvss_v3_0":350,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":346,"baseSeverity":9,"vectorString":347,"impactScore":348,"exploitabilityScore":349},4.3,"AV:N/AC:M/Au:N/C:P/I:N/A:N",2.9,8.6,{"baseScore":47,"baseSeverity":351,"vectorString":50,"impactScore":352,"exploitabilityScore":353},"MEDIUM",6,5.6,[355],{"ecosystem":9,"name":356,"vendor":357,"product":356,"cpe_part":358,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":359},"rack-protection","sinatrarb","a",[360,366,368,370],{"version":361,"is_range":362,"range_type":363,"version_start":9,"version_start_type":9,"version_end":364,"version_end_type":365,"fixed_in":9},"lt1.5.5",true,"cpe","1.5.5","excluding",{"version":367,"is_range":43,"range_type":363,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.0:rc1",{"version":369,"is_range":43,"range_type":363,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.0:rc2",{"version":371,"is_range":43,"range_type":363,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.0:rc3"]