[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-8778":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":68,"related":69,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":86,"kevs":169,"epss":170,"epss_history":173,"metrics":433,"affected":443},"CVE-2018-8778","In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-134","Use of Externally-Controlled Format String","The product uses a function that accepts a format string as an argument, but the format string originates from an external source.","weakness","Draft","Base","High",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-135","Format String Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-67","String Format Overflow in syslog()",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66],{"_key":33},"ALPINE-CVE-2018-8778",{"_key":35},"RHSA-2020:1963",{"_key":37},"RHSA-2020:2212",{"_key":39},"RHSA-2020:2288",{"_key":41},"SUSE-SU-2019:1804-1",{"_key":43},"SUSE-SU-2020:1570-1",{"_key":45},"OPENSUSE-SU-2019:1771-1",{"_key":47},"DLA-1358-1",{"_key":49},"DLA-1359-1",{"_key":51},"DLA-1421-1",{"_key":53},"DSA-4259-1",{"_key":55},"MGASA-2018-0411",{"_key":57},"RHSA-2018:3729",{"_key":59},"RHSA-2018:3730",{"_key":61},"RHSA-2018:3731",{"_key":63},"RHSA-2019:2028",{"_key":65},"UBUNTU-CVE-2018-8778",{"_key":67},"USN-3626-1",[],[70,71,72,73],{"_key":41},{"_key":43},{"_key":45},{"_key":55},"2018-04-03T22:00:00.000Z","2024-08-05T07:02:26.126Z","Modified",{"cisa_kev":78,"cisa_ransomware":78,"cisa_vendor":9,"epss_severity":79,"epss_score":80,"severity":81,"severity_score":82,"severity_version":83,"severity_source":84,"severity_vector":85,"severity_status":76},false,"low",0.00537,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[87,95,101,106,112,116,122,126,130,134,138,142,147,151,155,160,165],{"url":88,"sources":89,"tags":91},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",[90,84],"cve.org",[92,93,94],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":96,"sources":97,"tags":98},"https://access.redhat.com/errata/RHSA-2018:3729",[90,84],[94,99,100],"X Refsource REDHAT","Third Party Advisory",{"url":102,"sources":103,"tags":104},"https://usn.ubuntu.com/3626-1/",[90,84],[94,105,100],"X Refsource UBUNTU",{"url":107,"sources":108,"tags":109},"http://www.securitytracker.com/id/1042004",[90,84],[110,111,100],"VDB Entry","X Refsource SECTRACK",{"url":113,"sources":114,"tags":115},"https://access.redhat.com/errata/RHSA-2018:3730",[90,84],[94,99,100],{"url":117,"sources":118,"tags":119},"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html",[90,84],[120,121,100],"Mailing List","X Refsource MLIST",{"url":123,"sources":124,"tags":125},"https://access.redhat.com/errata/RHSA-2018:3731",[90,84],[94,99,100],{"url":127,"sources":128,"tags":129},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",[90,84],[92,93,94],{"url":131,"sources":132,"tags":133},"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/",[90,84],[92,94],{"url":135,"sources":136,"tags":137},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[90,84],[120,121,100],{"url":139,"sources":140,"tags":141},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",[90,84],[92,93,94],{"url":143,"sources":144,"tags":145},"https://www.debian.org/security/2018/dsa-4259",[90,84],[94,146,100],"X Refsource DEBIAN",{"url":148,"sources":149,"tags":150},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",[90,84],[92,93,94],{"url":152,"sources":153,"tags":154},"https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html",[90,84],[120,121,100],{"url":156,"sources":157,"tags":158},"http://www.securityfocus.com/bid/103693",[90,84],[110,159,100],"X Refsource BID",{"url":161,"sources":162,"tags":163},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[90,84],[94,164],"X Refsource SUSE",{"url":166,"sources":167,"tags":168},"https://access.redhat.com/errata/RHSA-2019:2028",[90,84],[94,99],[],{"date":171,"score":80,"percentile":172},"2026-06-04",0.6785,[174,178,181,184,187,189,191,194,196,199,202,205,208,211,214,218,221,224,227,230,233,236,239,242,244,247,250,253,257,260,262,265,268,271,273,276,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,322,325,328,332,334,337,340,343,346,349,352,354,357,360,363,366,369,372,375,378,380,383,386,389,392,395,398,400,402,405,408,411,413,415,418,421,423,426,429],{"date":175,"score":176,"percentile":177},"2025-11-04",0.00497,0.64968,{"date":179,"score":176,"percentile":180},"2025-11-05",0.64947,{"date":182,"score":176,"percentile":183},"2025-11-06",0.64943,{"date":185,"score":176,"percentile":186},"2025-11-07",0.64952,{"date":188,"score":176,"percentile":186},"2025-11-08",{"date":190,"score":176,"percentile":183},"2025-11-09",{"date":192,"score":176,"percentile":193},"2025-11-10",0.64934,{"date":195,"score":176,"percentile":183},"2025-11-11",{"date":197,"score":176,"percentile":198},"2025-11-12",0.64965,{"date":200,"score":176,"percentile":201},"2025-11-13",0.64972,{"date":203,"score":176,"percentile":204},"2025-11-14",0.64981,{"date":206,"score":176,"percentile":207},"2025-11-15",0.64976,{"date":209,"score":176,"percentile":210},"2025-11-16",0.64967,{"date":212,"score":176,"percentile":213},"2025-11-17",0.64964,{"date":215,"score":216,"percentile":217},"2025-11-18",0.01056,0.75716,{"date":219,"score":216,"percentile":220},"2025-11-19",0.75722,{"date":222,"score":216,"percentile":223},"2025-11-20",0.75732,{"date":225,"score":176,"percentile":226},"2025-11-21",0.64982,{"date":228,"score":176,"percentile":229},"2025-11-22",0.64988,{"date":231,"score":176,"percentile":232},"2025-11-23",0.64973,{"date":234,"score":176,"percentile":235},"2025-11-24",0.64958,{"date":237,"score":176,"percentile":238},"2025-11-25",0.64961,{"date":240,"score":176,"percentile":241},"2025-11-26",0.64963,{"date":243,"score":176,"percentile":177},"2025-11-27",{"date":245,"score":176,"percentile":246},"2025-11-28",0.64953,{"date":248,"score":176,"percentile":249},"2025-11-29",0.6493,{"date":251,"score":176,"percentile":252},"2025-11-30",0.64923,{"date":254,"score":255,"percentile":256},"2025-12-01",0.01562,0.80997,{"date":258,"score":255,"percentile":259},"2025-12-02",0.81001,{"date":261,"score":255,"percentile":259},"2025-12-03",{"date":263,"score":176,"percentile":264},"2025-12-04",0.64927,{"date":266,"score":176,"percentile":267},"2025-12-05",0.64942,{"date":269,"score":176,"percentile":270},"2025-12-06",0.64945,{"date":272,"score":176,"percentile":183},"2025-12-07",{"date":274,"score":176,"percentile":275},"2025-12-08",0.6495,{"date":277,"score":176,"percentile":226},"2025-12-09",{"date":279,"score":176,"percentile":280},"2025-12-10",0.65029,{"date":282,"score":176,"percentile":283},"2025-12-11",0.65046,{"date":285,"score":176,"percentile":286},"2025-12-12",0.65064,{"date":288,"score":176,"percentile":289},"2025-12-13",0.6507,{"date":291,"score":176,"percentile":292},"2025-12-14",0.65069,{"date":294,"score":176,"percentile":295},"2025-12-15",0.65065,{"date":297,"score":176,"percentile":298},"2025-12-16",0.65079,{"date":300,"score":176,"percentile":301},"2025-12-17",0.65093,{"date":303,"score":176,"percentile":304},"2025-12-18",0.65133,{"date":306,"score":176,"percentile":307},"2025-12-19",0.65148,{"date":309,"score":176,"percentile":310},"2025-12-20",0.65145,{"date":312,"score":176,"percentile":313},"2025-12-21",0.65136,{"date":315,"score":176,"percentile":316},"2025-12-22",0.65129,{"date":318,"score":176,"percentile":319},"2025-12-23",0.6513,{"date":321,"score":176,"percentile":313},"2025-12-24",{"date":323,"score":176,"percentile":324},"2025-12-25",0.65161,{"date":326,"score":176,"percentile":327},"2025-12-26",0.65162,{"date":329,"score":330,"percentile":331},"2025-12-27",0.00433,0.62169,{"date":333,"score":176,"percentile":313},"2025-12-28",{"date":335,"score":176,"percentile":336},"2025-12-29",0.65125,{"date":338,"score":176,"percentile":339},"2025-12-30",0.65141,{"date":341,"score":176,"percentile":342},"2025-12-31",0.65166,{"date":344,"score":255,"percentile":345},"2026-01-01",0.81132,{"date":347,"score":255,"percentile":348},"2026-01-02",0.81127,{"date":350,"score":255,"percentile":351},"2026-01-03",0.81122,{"date":353,"score":176,"percentile":342},"2026-01-04",{"date":355,"score":176,"percentile":356},"2026-01-05",0.65154,{"date":358,"score":176,"percentile":359},"2026-01-06",0.65151,{"date":361,"score":176,"percentile":362},"2026-01-07",0.65172,{"date":364,"score":176,"percentile":365},"2026-01-08",0.6519,{"date":367,"score":176,"percentile":368},"2026-01-09",0.65194,{"date":370,"score":176,"percentile":371},"2026-01-10",0.65191,{"date":373,"score":176,"percentile":374},"2026-01-11",0.65179,{"date":376,"score":176,"percentile":377},"2026-01-12",0.65164,{"date":379,"score":176,"percentile":327},"2026-01-13",{"date":381,"score":176,"percentile":382},"2026-01-14",0.65198,{"date":384,"score":176,"percentile":385},"2026-01-15",0.65217,{"date":387,"score":176,"percentile":388},"2026-01-16",0.65235,{"date":390,"score":176,"percentile":391},"2026-01-17",0.65222,{"date":393,"score":176,"percentile":394},"2026-01-18",0.65205,{"date":396,"score":176,"percentile":397},"2026-01-19",0.65192,{"date":399,"score":176,"percentile":394},"2026-01-20",{"date":401,"score":176,"percentile":385},"2026-01-21",{"date":403,"score":176,"percentile":404},"2026-01-22",0.65225,{"date":406,"score":176,"percentile":407},"2026-01-23",0.65259,{"date":409,"score":176,"percentile":410},"2026-01-24",0.65268,{"date":412,"score":176,"percentile":388},"2026-01-25",{"date":414,"score":176,"percentile":404},"2026-01-26",{"date":416,"score":176,"percentile":417},"2026-01-27",0.65233,{"date":419,"score":176,"percentile":420},"2026-01-28",0.65245,{"date":422,"score":176,"percentile":420},"2026-01-29",{"date":424,"score":80,"percentile":425},"2026-01-30",0.66945,{"date":427,"score":80,"percentile":428},"2026-01-31",0.66947,{"date":430,"score":431,"percentile":432},"2026-02-01",0.01684,0.81874,[434],{"source":84,"cvss_v2_0":435,"cvss_v3_0":440,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":436,"baseSeverity":9,"vectorString":437,"impactScore":438,"exploitabilityScore":439},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":82,"baseSeverity":441,"vectorString":85,"impactScore":442,"exploitabilityScore":439},"HIGH",6,[444,457,468,482],{"ecosystem":9,"name":445,"vendor":446,"product":447,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"ubuntu linux","canonical","ubuntu_linux","o",[450,453,455],{"version":451,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":454,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":456,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"17.10",{"ecosystem":9,"name":458,"vendor":459,"product":460,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":461},"debian linux","debian","debian_linux",[462,464,466],{"version":463,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":465,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":467,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":469,"vendor":470,"product":471,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"enterprise linux","redhat","enterprise_linux",[473,475,476,478,480],{"version":474,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":463,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":477,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"version":479,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"version":481,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.6",{"ecosystem":9,"name":483,"vendor":484,"product":483,"cpe_part":485,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"ruby","ruby-lang","a",[487,494,498,502,506],{"version":488,"is_range":489,"range_type":452,"version_start":490,"version_start_type":491,"version_end":492,"version_end_type":493,"fixed_in":9},"gte2.2.0_lt2.2.10",true,"2.2.0","including","2.2.10","excluding",{"version":495,"is_range":489,"range_type":452,"version_start":496,"version_start_type":491,"version_end":497,"version_end_type":493,"fixed_in":9},"gte2.3.0_lt2.3.7","2.3.0","2.3.7",{"version":499,"is_range":489,"range_type":452,"version_start":500,"version_start_type":491,"version_end":501,"version_end_type":493,"fixed_in":9},"gte2.4.0_lt2.4.4","2.4.0","2.4.4",{"version":503,"is_range":489,"range_type":452,"version_start":504,"version_start_type":491,"version_end":505,"version_end_type":493,"fixed_in":9},"gte2.5.0_lt2.5.1","2.5.0","2.5.1",{"version":507,"is_range":78,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.0:preview1"]