[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-16396":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":52,"related":53,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":70,"kevs":150,"epss":151,"epss_history":154,"metrics":404,"affected":415},"CVE-2018-16396","An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50],{"_key":23},"ALPINE-CVE-2018-16396",{"_key":25},"RHSA-2020:2769",{"_key":27},"RHSA-2020:2839",{"_key":29},"SUSE-SU-2019:1804-1",{"_key":31},"SUSE-SU-2020:1570-1",{"_key":33},"OPENSUSE-SU-2019:1771-1",{"_key":35},"DLA-1558-1",{"_key":37},"DSA-4332-1",{"_key":39},"MGASA-2018-0411",{"_key":41},"RHSA-2018:3729",{"_key":43},"RHSA-2018:3730",{"_key":45},"RHSA-2018:3731",{"_key":47},"RHSA-2019:2028",{"_key":49},"UBUNTU-CVE-2018-16396",{"_key":51},"USN-3808-1",[],[54,55,56,57],{"_key":29},{"_key":31},{"_key":33},{"_key":39},"2018-11-16T18:00:00.000Z","2024-08-05T10:24:32.115Z","Modified",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":65,"severity_score":66,"severity_version":67,"severity_source":68,"severity_vector":69,"severity_status":60},false,"low",0.03126,"high",8.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[71,79,85,91,95,99,103,108,113,117,121,125,129,135,141,146],{"url":72,"sources":73,"tags":75},"https://hackerone.com/reports/385070",[74,68],"cve.org",[76,77,78],"X Refsource MISC","Permissions Required","Third Party Advisory",{"url":80,"sources":81,"tags":82},"https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",[74,68],[83,84],"X Refsource CONFIRM","Release Notes",{"url":86,"sources":87,"tags":88},"https://access.redhat.com/errata/RHSA-2018:3729",[74,68],[89,90,78],"Vendor Advisory","X Refsource REDHAT",{"url":92,"sources":93,"tags":94},"https://access.redhat.com/errata/RHSA-2018:3730",[74,68],[89,90,78],{"url":96,"sources":97,"tags":98},"https://access.redhat.com/errata/RHSA-2018:3731",[74,68],[89,90,78],{"url":100,"sources":101,"tags":102},"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",[74,68],[83,84],{"url":104,"sources":105,"tags":106},"https://www.debian.org/security/2018/dsa-4332",[74,68],[89,107,78],"X Refsource DEBIAN",{"url":109,"sources":110,"tags":111},"https://usn.ubuntu.com/3808-1/",[74,68],[89,112,78],"X Refsource UBUNTU",{"url":114,"sources":115,"tags":116},"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",[74,68],[83,84],{"url":118,"sources":119,"tags":120},"https://security.netapp.com/advisory/ntap-20190221-0002/",[74,68],[83,78],{"url":122,"sources":123,"tags":124},"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/",[74,68],[83,89],{"url":126,"sources":127,"tags":128},"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",[74,68],[83,84],{"url":130,"sources":131,"tags":132},"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html",[74,68],[133,134,78],"Mailing List","X Refsource MLIST",{"url":136,"sources":137,"tags":138},"http://www.securitytracker.com/id/1042106",[74,68],[139,140,78],"VDB Entry","X Refsource SECTRACK",{"url":142,"sources":143,"tags":144},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[74,68],[89,145],"X Refsource SUSE",{"url":147,"sources":148,"tags":149},"https://access.redhat.com/errata/RHSA-2019:2028",[74,68],[89,90],[],{"date":152,"score":64,"percentile":153},"2026-06-04",0.87095,[155,159,162,164,167,170,173,175,177,180,183,186,189,192,195,199,202,205,208,210,213,216,218,220,222,224,227,230,234,236,239,242,245,248,251,253,255,258,261,264,266,268,271,273,275,278,280,282,285,288,291,294,297,300,304,307,310,313,315,318,321,324,326,329,332,334,337,340,343,346,349,351,353,356,359,362,365,368,370,373,376,379,382,384,387,390,392,395,398,401],{"date":156,"score":157,"percentile":158},"2025-11-04",0.03288,0.86691,{"date":160,"score":157,"percentile":161},"2025-11-05",0.86694,{"date":163,"score":157,"percentile":158},"2025-11-06",{"date":165,"score":157,"percentile":166},"2025-11-07",0.867,{"date":168,"score":157,"percentile":169},"2025-11-08",0.86704,{"date":171,"score":157,"percentile":172},"2025-11-09",0.86698,{"date":174,"score":157,"percentile":172},"2025-11-10",{"date":176,"score":157,"percentile":169},"2025-11-11",{"date":178,"score":157,"percentile":179},"2025-11-12",0.8671,{"date":181,"score":157,"percentile":182},"2025-11-13",0.86716,{"date":184,"score":157,"percentile":185},"2025-11-14",0.86718,{"date":187,"score":157,"percentile":188},"2025-11-15",0.86712,{"date":190,"score":157,"percentile":191},"2025-11-16",0.86715,{"date":193,"score":157,"percentile":194},"2025-11-17",0.86706,{"date":196,"score":197,"percentile":198},"2025-11-18",0.0672,0.90345,{"date":200,"score":197,"percentile":201},"2025-11-19",0.9035,{"date":203,"score":197,"percentile":204},"2025-11-20",0.90354,{"date":206,"score":157,"percentile":207},"2025-11-21",0.8672,{"date":209,"score":157,"percentile":191},"2025-11-22",{"date":211,"score":157,"percentile":212},"2025-11-23",0.86709,{"date":214,"score":157,"percentile":215},"2025-11-24",0.86708,{"date":217,"score":157,"percentile":215},"2025-11-25",{"date":219,"score":157,"percentile":215},"2025-11-26",{"date":221,"score":157,"percentile":212},"2025-11-27",{"date":223,"score":157,"percentile":161},"2025-11-28",{"date":225,"score":157,"percentile":226},"2025-11-29",0.86769,{"date":228,"score":157,"percentile":229},"2025-11-30",0.86768,{"date":231,"score":232,"percentile":233},"2025-12-01",0.04297,0.88489,{"date":235,"score":232,"percentile":233},"2025-12-02",{"date":237,"score":232,"percentile":238},"2025-12-03",0.88487,{"date":240,"score":157,"percentile":241},"2025-12-04",0.86763,{"date":243,"score":157,"percentile":244},"2025-12-05",0.86765,{"date":246,"score":157,"percentile":247},"2025-12-06",0.86762,{"date":249,"score":157,"percentile":250},"2025-12-07",0.86754,{"date":252,"score":157,"percentile":250},"2025-12-08",{"date":254,"score":157,"percentile":241},"2025-12-09",{"date":256,"score":157,"percentile":257},"2025-12-10",0.86783,{"date":259,"score":157,"percentile":260},"2025-12-11",0.86789,{"date":262,"score":157,"percentile":263},"2025-12-12",0.86792,{"date":265,"score":157,"percentile":260},"2025-12-13",{"date":267,"score":157,"percentile":257},"2025-12-14",{"date":269,"score":157,"percentile":270},"2025-12-15",0.86782,{"date":272,"score":157,"percentile":260},"2025-12-16",{"date":274,"score":157,"percentile":263},"2025-12-17",{"date":276,"score":157,"percentile":277},"2025-12-18",0.868,{"date":279,"score":157,"percentile":277},"2025-12-19",{"date":281,"score":157,"percentile":277},"2025-12-20",{"date":283,"score":157,"percentile":284},"2025-12-21",0.86802,{"date":286,"score":157,"percentile":287},"2025-12-22",0.86796,{"date":289,"score":157,"percentile":290},"2025-12-23",0.86799,{"date":292,"score":157,"percentile":293},"2025-12-24",0.86808,{"date":295,"score":157,"percentile":296},"2025-12-25",0.86821,{"date":298,"score":157,"percentile":299},"2025-12-26",0.86822,{"date":301,"score":302,"percentile":303},"2025-12-27",0.02952,0.86085,{"date":305,"score":157,"percentile":306},"2025-12-28",0.86816,{"date":308,"score":157,"percentile":309},"2025-12-29",0.86809,{"date":311,"score":157,"percentile":312},"2025-12-30",0.86813,{"date":314,"score":157,"percentile":299},"2025-12-31",{"date":316,"score":232,"percentile":317},"2026-01-01",0.88571,{"date":319,"score":232,"percentile":320},"2026-01-02",0.88567,{"date":322,"score":232,"percentile":323},"2026-01-03",0.88563,{"date":325,"score":157,"percentile":296},"2026-01-04",{"date":327,"score":157,"percentile":328},"2026-01-05",0.86818,{"date":330,"score":157,"percentile":331},"2026-01-06",0.8682,{"date":333,"score":157,"percentile":299},"2026-01-07",{"date":335,"score":157,"percentile":336},"2026-01-08",0.86831,{"date":338,"score":157,"percentile":339},"2026-01-09",0.86832,{"date":341,"score":157,"percentile":342},"2026-01-10",0.86833,{"date":344,"score":157,"percentile":345},"2026-01-11",0.86827,{"date":347,"score":157,"percentile":348},"2026-01-12",0.86825,{"date":350,"score":157,"percentile":299},"2026-01-13",{"date":352,"score":157,"percentile":342},"2026-01-14",{"date":354,"score":157,"percentile":355},"2026-01-15",0.86834,{"date":357,"score":157,"percentile":358},"2026-01-16",0.8684,{"date":360,"score":157,"percentile":361},"2026-01-17",0.86842,{"date":363,"score":157,"percentile":364},"2026-01-18",0.86844,{"date":366,"score":157,"percentile":367},"2026-01-19",0.86839,{"date":369,"score":157,"percentile":342},"2026-01-20",{"date":371,"score":157,"percentile":372},"2026-01-21",0.86838,{"date":374,"score":157,"percentile":375},"2026-01-22",0.86843,{"date":377,"score":157,"percentile":378},"2026-01-23",0.86859,{"date":380,"score":157,"percentile":381},"2026-01-24",0.86865,{"date":383,"score":157,"percentile":378},"2026-01-25",{"date":385,"score":157,"percentile":386},"2026-01-26",0.86855,{"date":388,"score":157,"percentile":389},"2026-01-27",0.86856,{"date":391,"score":157,"percentile":378},"2026-01-28",{"date":393,"score":157,"percentile":394},"2026-01-29",0.86861,{"date":396,"score":157,"percentile":397},"2026-01-30",0.8686,{"date":399,"score":157,"percentile":400},"2026-01-31",0.86862,{"date":402,"score":232,"percentile":403},"2026-02-01",0.88633,[405],{"source":68,"cvss_v2_0":406,"cvss_v3_0":411,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":407,"baseSeverity":9,"vectorString":408,"impactScore":409,"exploitabilityScore":410},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":66,"baseSeverity":412,"vectorString":69,"impactScore":413,"exploitabilityScore":414},"HIGH",9.8,5.6,[416,431,440,455],{"ecosystem":9,"name":417,"vendor":418,"product":419,"cpe_part":420,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":421},"ubuntu linux","canonical","ubuntu_linux","o",[422,425,427,429],{"version":423,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":426,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":428,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":430,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"ecosystem":9,"name":432,"vendor":433,"product":434,"cpe_part":420,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"debian linux","debian","debian_linux",[436,438],{"version":437,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":439,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":441,"vendor":442,"product":443,"cpe_part":420,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":444},"enterprise linux","redhat","enterprise_linux",[445,447,449,451,453],{"version":446,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":448,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":450,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"version":452,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"version":454,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.6",{"ecosystem":9,"name":456,"vendor":457,"product":456,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"ruby","ruby-lang","a",[460,466,470,474,476],{"version":461,"is_range":462,"range_type":424,"version_start":463,"version_start_type":464,"version_end":465,"version_end_type":464,"fixed_in":9},"gte2.3.0_lte2.3.7",true,"2.3.0","including","2.3.7",{"version":467,"is_range":462,"range_type":424,"version_start":468,"version_start_type":464,"version_end":469,"version_end_type":464,"fixed_in":9},"gte2.4.0_lte2.4.4","2.4.0","2.4.4",{"version":471,"is_range":462,"range_type":424,"version_start":472,"version_start_type":464,"version_end":473,"version_end_type":464,"fixed_in":9},"gte2.5.0_lte2.5.1","2.5.0","2.5.1",{"version":475,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.0:preview1",{"version":477,"is_range":62,"range_type":424,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.0:preview2"]