[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-6914":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":74,"related":75,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":176,"epss":177,"epss_history":180,"metrics":436,"affected":446},"CVE-2018-6914","Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":45},"ALPINE-CVE-2018-6914",{"_key":47},"SUSE-SU-2019:1804-1",{"_key":49},"SUSE-SU-2020:1570-1",{"_key":51},"OPENSUSE-SU-2019:1771-1",{"_key":53},"DLA-1358-1",{"_key":55},"DLA-1359-1",{"_key":57},"DLA-1421-1",{"_key":59},"DSA-4259-1",{"_key":61},"MGASA-2018-0411",{"_key":63},"RHSA-2018:3729",{"_key":65},"RHSA-2018:3730",{"_key":67},"RHSA-2018:3731",{"_key":69},"RHSA-2019:2028",{"_key":71},"UBUNTU-CVE-2018-6914",{"_key":73},"USN-3626-1",[],[76,77,78,79],{"_key":47},{"_key":49},{"_key":51},{"_key":61},"2018-04-03T22:00:00.000Z","2024-08-05T06:17:17.120Z","Modified",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.02372,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[93,101,108,113,119,124,128,134,138,142,146,150,154,159,163,167,172],{"url":94,"sources":95,"tags":97},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",[96,90],"cve.org",[98,99,100],"X Refsource CONFIRM","Patch","Release Notes",{"url":102,"sources":103,"tags":104},"https://access.redhat.com/errata/RHSA-2018:3729",[96,90],[105,106,107],"Vendor Advisory","X Refsource REDHAT","Third Party Advisory",{"url":109,"sources":110,"tags":111},"https://usn.ubuntu.com/3626-1/",[96,90],[105,112,107],"X Refsource UBUNTU",{"url":114,"sources":115,"tags":116},"http://www.securitytracker.com/id/1042004",[96,90],[117,118,107],"VDB Entry","X Refsource SECTRACK",{"url":120,"sources":121,"tags":122},"http://www.securityfocus.com/bid/103686",[96,90],[117,123,107],"X Refsource BID",{"url":125,"sources":126,"tags":127},"https://access.redhat.com/errata/RHSA-2018:3730",[96,90],[105,106,107],{"url":129,"sources":130,"tags":131},"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html",[96,90],[132,133,107],"Mailing List","X Refsource MLIST",{"url":135,"sources":136,"tags":137},"https://access.redhat.com/errata/RHSA-2018:3731",[96,90],[105,106,107],{"url":139,"sources":140,"tags":141},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",[96,90],[98,99,100],{"url":143,"sources":144,"tags":145},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[96,90],[132,133,107],{"url":147,"sources":148,"tags":149},"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/",[96,90],[98,105],{"url":151,"sources":152,"tags":153},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",[96,90],[98,99,100],{"url":155,"sources":156,"tags":157},"https://www.debian.org/security/2018/dsa-4259",[96,90],[105,158,107],"X Refsource DEBIAN",{"url":160,"sources":161,"tags":162},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",[96,90],[98,99,100],{"url":164,"sources":165,"tags":166},"https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html",[96,90],[132,133,107],{"url":168,"sources":169,"tags":170},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[96,90],[105,171],"X Refsource SUSE",{"url":173,"sources":174,"tags":175},"https://access.redhat.com/errata/RHSA-2019:2028",[96,90],[105,106],[],{"date":178,"score":86,"percentile":179},"2026-06-04",0.8525,[181,184,187,190,193,196,199,202,205,208,211,213,216,218,220,224,227,230,232,235,237,239,242,244,246,249,252,255,259,262,265,268,271,273,276,279,282,285,288,291,294,297,299,302,305,308,311,314,317,319,321,324,327,330,334,337,340,343,346,349,352,355,357,360,362,365,368,370,373,376,378,380,383,386,389,392,395,398,401,404,407,410,413,416,418,421,424,427,430,433],{"date":182,"score":86,"percentile":183},"2025-11-04",0.84405,{"date":185,"score":86,"percentile":186},"2025-11-05",0.8441,{"date":188,"score":86,"percentile":189},"2025-11-06",0.84413,{"date":191,"score":86,"percentile":192},"2025-11-07",0.8442,{"date":194,"score":86,"percentile":195},"2025-11-08",0.84426,{"date":197,"score":86,"percentile":198},"2025-11-09",0.84421,{"date":200,"score":86,"percentile":201},"2025-11-10",0.84417,{"date":203,"score":86,"percentile":204},"2025-11-11",0.84422,{"date":206,"score":86,"percentile":207},"2025-11-12",0.84432,{"date":209,"score":86,"percentile":210},"2025-11-13",0.84438,{"date":212,"score":86,"percentile":210},"2025-11-14",{"date":214,"score":86,"percentile":215},"2025-11-15",0.84431,{"date":217,"score":86,"percentile":207},"2025-11-16",{"date":219,"score":86,"percentile":204},"2025-11-17",{"date":221,"score":222,"percentile":223},"2025-11-18",0.02881,0.85063,{"date":225,"score":222,"percentile":226},"2025-11-19",0.85064,{"date":228,"score":222,"percentile":229},"2025-11-20",0.85067,{"date":231,"score":86,"percentile":207},"2025-11-21",{"date":233,"score":86,"percentile":234},"2025-11-22",0.8443,{"date":236,"score":86,"percentile":192},"2025-11-23",{"date":238,"score":86,"percentile":201},"2025-11-24",{"date":240,"score":86,"percentile":241},"2025-11-25",0.84419,{"date":243,"score":86,"percentile":198},"2025-11-26",{"date":245,"score":86,"percentile":204},"2025-11-27",{"date":247,"score":86,"percentile":248},"2025-11-28",0.84404,{"date":250,"score":86,"percentile":251},"2025-11-29",0.84439,{"date":253,"score":86,"percentile":254},"2025-11-30",0.8444,{"date":256,"score":257,"percentile":258},"2025-12-01",0.04812,0.89145,{"date":260,"score":257,"percentile":261},"2025-12-02",0.89147,{"date":263,"score":257,"percentile":264},"2025-12-03",0.89146,{"date":266,"score":86,"percentile":267},"2025-12-04",0.84445,{"date":269,"score":86,"percentile":270},"2025-12-05",0.84448,{"date":272,"score":86,"percentile":270},"2025-12-06",{"date":274,"score":86,"percentile":275},"2025-12-07",0.84442,{"date":277,"score":86,"percentile":278},"2025-12-08",0.84444,{"date":280,"score":86,"percentile":281},"2025-12-09",0.84457,{"date":283,"score":86,"percentile":284},"2025-12-10",0.8448,{"date":286,"score":86,"percentile":287},"2025-12-11",0.84484,{"date":289,"score":86,"percentile":290},"2025-12-12",0.8449,{"date":292,"score":86,"percentile":293},"2025-12-13",0.84486,{"date":295,"score":86,"percentile":296},"2025-12-14",0.84485,{"date":298,"score":86,"percentile":296},"2025-12-15",{"date":300,"score":86,"percentile":301},"2025-12-16",0.84492,{"date":303,"score":86,"percentile":304},"2025-12-17",0.84497,{"date":306,"score":86,"percentile":307},"2025-12-18",0.84502,{"date":309,"score":86,"percentile":310},"2025-12-19",0.84508,{"date":312,"score":86,"percentile":313},"2025-12-20",0.84504,{"date":315,"score":86,"percentile":316},"2025-12-21",0.84505,{"date":318,"score":86,"percentile":316},"2025-12-22",{"date":320,"score":86,"percentile":310},"2025-12-23",{"date":322,"score":86,"percentile":323},"2025-12-24",0.84516,{"date":325,"score":86,"percentile":326},"2025-12-25",0.84532,{"date":328,"score":86,"percentile":329},"2025-12-26",0.84534,{"date":331,"score":332,"percentile":333},"2025-12-27",0.02072,0.83543,{"date":335,"score":86,"percentile":336},"2025-12-28",0.84523,{"date":338,"score":86,"percentile":339},"2025-12-29",0.84518,{"date":341,"score":86,"percentile":342},"2025-12-30",0.84524,{"date":344,"score":86,"percentile":345},"2025-12-31",0.84535,{"date":347,"score":257,"percentile":348},"2026-01-01",0.89223,{"date":350,"score":257,"percentile":351},"2026-01-02",0.89219,{"date":353,"score":257,"percentile":354},"2026-01-03",0.89217,{"date":356,"score":86,"percentile":342},"2026-01-04",{"date":358,"score":86,"percentile":359},"2026-01-05",0.84517,{"date":361,"score":86,"percentile":336},"2026-01-06",{"date":363,"score":86,"percentile":364},"2026-01-07",0.84521,{"date":366,"score":86,"percentile":367},"2026-01-08",0.84529,{"date":369,"score":86,"percentile":326},"2026-01-09",{"date":371,"score":86,"percentile":372},"2026-01-10",0.84528,{"date":374,"score":86,"percentile":375},"2026-01-11",0.84527,{"date":377,"score":86,"percentile":336},"2026-01-12",{"date":379,"score":86,"percentile":364},"2026-01-13",{"date":381,"score":86,"percentile":382},"2026-01-14",0.8454,{"date":384,"score":86,"percentile":385},"2026-01-15",0.84536,{"date":387,"score":86,"percentile":388},"2026-01-16",0.84545,{"date":390,"score":86,"percentile":391},"2026-01-17",0.8455,{"date":393,"score":86,"percentile":394},"2026-01-18",0.84549,{"date":396,"score":86,"percentile":397},"2026-01-19",0.84542,{"date":399,"score":86,"percentile":400},"2026-01-20",0.84546,{"date":402,"score":86,"percentile":403},"2026-01-21",0.84552,{"date":405,"score":86,"percentile":406},"2026-01-22",0.84556,{"date":408,"score":86,"percentile":409},"2026-01-23",0.84572,{"date":411,"score":86,"percentile":412},"2026-01-24",0.84583,{"date":414,"score":86,"percentile":415},"2026-01-25",0.84579,{"date":417,"score":86,"percentile":415},"2026-01-26",{"date":419,"score":86,"percentile":420},"2026-01-27",0.84582,{"date":422,"score":86,"percentile":423},"2026-01-28",0.84585,{"date":425,"score":86,"percentile":426},"2026-01-29",0.84587,{"date":428,"score":86,"percentile":429},"2026-01-30",0.84591,{"date":431,"score":86,"percentile":432},"2026-01-31",0.8459,{"date":434,"score":257,"percentile":435},"2026-02-01",0.89279,[437],{"source":90,"cvss_v2_0":438,"cvss_v3_0":443,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":439,"baseSeverity":9,"vectorString":440,"impactScore":441,"exploitabilityScore":442},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":88,"baseSeverity":444,"vectorString":91,"impactScore":445,"exploitabilityScore":442},"HIGH",6,[447,460,471,485],{"ecosystem":9,"name":448,"vendor":449,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"ubuntu linux","canonical","ubuntu_linux","o",[453,456,458],{"version":454,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":457,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":459,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"17.10",{"ecosystem":9,"name":461,"vendor":462,"product":463,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"debian linux","debian","debian_linux",[465,467,469],{"version":466,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":468,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":470,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":472,"vendor":473,"product":474,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"enterprise linux","redhat","enterprise_linux",[476,478,479,481,483],{"version":477,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":466,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":480,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"version":482,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"version":484,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.6",{"ecosystem":9,"name":486,"vendor":487,"product":486,"cpe_part":488,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"ruby","ruby-lang","a",[490,497,501,505,509],{"version":491,"is_range":492,"range_type":455,"version_start":493,"version_start_type":494,"version_end":495,"version_end_type":496,"fixed_in":9},"gte2.2.0_lt2.2.10",true,"2.2.0","including","2.2.10","excluding",{"version":498,"is_range":492,"range_type":455,"version_start":499,"version_start_type":494,"version_end":500,"version_end_type":496,"fixed_in":9},"gte2.3.0_lt2.3.7","2.3.0","2.3.7",{"version":502,"is_range":492,"range_type":455,"version_start":503,"version_start_type":494,"version_end":504,"version_end_type":496,"fixed_in":9},"gte2.4.0_lt2.4.4","2.4.0","2.4.4",{"version":506,"is_range":492,"range_type":455,"version_start":507,"version_start_type":494,"version_end":508,"version_end_type":496,"fixed_in":9},"gte2.5.0_lt2.5.1","2.5.0","2.5.1",{"version":510,"is_range":84,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.0:preview1"]