[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-8780":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":86,"related":87,"reserved_at":9,"published_at":92,"modified_at":93,"state":94,"summary":95,"references_raw":104,"kevs":199,"epss":200,"epss_history":203,"metrics":467,"affected":477},"CVE-2018-8780","In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84],{"_key":45},"ALPINE-CVE-2018-8780",{"_key":47},"SUSE-SU-2019:1804-1",{"_key":49},"SUSE-SU-2020:1570-1",{"_key":51},"OPENSUSE-SU-2019:1771-1",{"_key":53},"DLA-1358-1",{"_key":55},"DLA-1359-1",{"_key":57},"DLA-1421-1",{"_key":59},"DSA-4259-1",{"_key":61},"MGASA-2018-0411",{"_key":63},"RHSA-2018:3729",{"_key":65},"RHSA-2018:3730",{"_key":67},"RHSA-2018:3731",{"_key":69},"RHSA-2019:2028",{"_key":71},"RHSA-2020:0542",{"_key":73},"RHSA-2020:0591",{"_key":75},"RHSA-2020:0663",{"_key":77},"UBUNTU-CVE-2018-8780",{"_key":79},"USN-3626-1",{"_key":81},"RHSA-2026:7305",{"_key":83},"RHSA-2026:7307",{"_key":85},"RHSA-2026:8838",[],[88,89,90,91],{"_key":47},{"_key":49},{"_key":51},{"_key":61},"2018-04-03T22:00:00.000Z","2024-08-05T07:02:26.043Z","Modified",{"cisa_kev":96,"cisa_ransomware":96,"cisa_vendor":9,"epss_severity":97,"epss_score":98,"severity":99,"severity_score":100,"severity_version":101,"severity_source":102,"severity_vector":103,"severity_status":94},false,"low",0.01739,"critical",9.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[105,113,119,124,130,134,140,144,148,152,156,161,165,170,174,178,183,187,191,195],{"url":106,"sources":107,"tags":109},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",[108,102],"cve.org",[110,111,112],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":114,"sources":115,"tags":116},"https://access.redhat.com/errata/RHSA-2018:3729",[108,102],[112,117,118],"X Refsource REDHAT","Third Party Advisory",{"url":120,"sources":121,"tags":122},"https://usn.ubuntu.com/3626-1/",[108,102],[112,123,118],"X Refsource UBUNTU",{"url":125,"sources":126,"tags":127},"http://www.securitytracker.com/id/1042004",[108,102],[128,129,118],"VDB Entry","X Refsource SECTRACK",{"url":131,"sources":132,"tags":133},"https://access.redhat.com/errata/RHSA-2018:3730",[108,102],[112,117,118],{"url":135,"sources":136,"tags":137},"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html",[108,102],[138,139,118],"Mailing List","X Refsource MLIST",{"url":141,"sources":142,"tags":143},"https://access.redhat.com/errata/RHSA-2018:3731",[108,102],[112,117,118],{"url":145,"sources":146,"tags":147},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",[108,102],[110,111,112],{"url":149,"sources":150,"tags":151},"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/",[108,102],[110,112],{"url":153,"sources":154,"tags":155},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[108,102],[138,139,118],{"url":157,"sources":158,"tags":159},"http://www.securityfocus.com/bid/103739",[108,102],[128,160,118],"X Refsource BID",{"url":162,"sources":163,"tags":164},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",[108,102],[110,111,112],{"url":166,"sources":167,"tags":168},"https://www.debian.org/security/2018/dsa-4259",[108,102],[112,169,118],"X Refsource DEBIAN",{"url":171,"sources":172,"tags":173},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",[108,102],[110,111,112],{"url":175,"sources":176,"tags":177},"https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html",[108,102],[138,139,118],{"url":179,"sources":180,"tags":181},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[108,102],[112,182],"X Refsource SUSE",{"url":184,"sources":185,"tags":186},"https://access.redhat.com/errata/RHSA-2019:2028",[108,102],[112,117],{"url":188,"sources":189,"tags":190},"https://access.redhat.com/errata/RHSA-2020:0542",[108,102],[112,117],{"url":192,"sources":193,"tags":194},"https://access.redhat.com/errata/RHSA-2020:0591",[108,102],[112,117],{"url":196,"sources":197,"tags":198},"https://access.redhat.com/errata/RHSA-2020:0663",[108,102],[112,117],[],{"date":201,"score":98,"percentile":202},"2026-06-04",0.8285,[204,208,211,214,217,220,223,226,228,231,234,237,240,243,246,250,253,256,259,262,265,268,271,274,276,279,281,284,288,291,293,295,298,300,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,349,352,355,358,362,365,367,369,372,375,378,381,384,387,390,393,396,399,402,405,408,411,414,416,419,422,425,428,431,434,437,440,443,446,449,452,454,456,460,463],{"date":205,"score":206,"percentile":207},"2025-11-04",0.01246,0.78635,{"date":209,"score":206,"percentile":210},"2025-11-05",0.78633,{"date":212,"score":206,"percentile":213},"2025-11-06",0.78628,{"date":215,"score":206,"percentile":216},"2025-11-07",0.78642,{"date":218,"score":206,"percentile":219},"2025-11-08",0.78649,{"date":221,"score":206,"percentile":222},"2025-11-09",0.78645,{"date":224,"score":206,"percentile":225},"2025-11-10",0.78632,{"date":227,"score":206,"percentile":207},"2025-11-11",{"date":229,"score":206,"percentile":230},"2025-11-12",0.78651,{"date":232,"score":206,"percentile":233},"2025-11-13",0.7866,{"date":235,"score":206,"percentile":236},"2025-11-14",0.78667,{"date":238,"score":206,"percentile":239},"2025-11-15",0.78665,{"date":241,"score":206,"percentile":242},"2025-11-16",0.78666,{"date":244,"score":206,"percentile":245},"2025-11-17",0.78659,{"date":247,"score":248,"percentile":249},"2025-11-18",0.01362,0.78517,{"date":251,"score":248,"percentile":252},"2025-11-19",0.78525,{"date":254,"score":248,"percentile":255},"2025-11-20",0.78534,{"date":257,"score":206,"percentile":258},"2025-11-21",0.78691,{"date":260,"score":206,"percentile":261},"2025-11-22",0.78692,{"date":263,"score":206,"percentile":264},"2025-11-23",0.78681,{"date":266,"score":206,"percentile":267},"2025-11-24",0.78679,{"date":269,"score":206,"percentile":270},"2025-11-25",0.78685,{"date":272,"score":206,"percentile":273},"2025-11-26",0.78688,{"date":275,"score":206,"percentile":258},"2025-11-27",{"date":277,"score":206,"percentile":278},"2025-11-28",0.78683,{"date":280,"score":206,"percentile":273},"2025-11-29",{"date":282,"score":206,"percentile":283},"2025-11-30",0.78689,{"date":285,"score":286,"percentile":287},"2025-12-01",0.02768,0.85602,{"date":289,"score":286,"percentile":290},"2025-12-02",0.85605,{"date":292,"score":286,"percentile":290},"2025-12-03",{"date":294,"score":206,"percentile":278},"2025-12-04",{"date":296,"score":206,"percentile":297},"2025-12-05",0.7869,{"date":299,"score":206,"percentile":261},"2025-12-06",{"date":301,"score":206,"percentile":283},"2025-12-07",{"date":303,"score":206,"percentile":304},"2025-12-08",0.78694,{"date":306,"score":206,"percentile":307},"2025-12-09",0.78711,{"date":309,"score":206,"percentile":310},"2025-12-10",0.78734,{"date":312,"score":206,"percentile":313},"2025-12-11",0.78749,{"date":315,"score":206,"percentile":316},"2025-12-12",0.78771,{"date":318,"score":206,"percentile":319},"2025-12-13",0.78772,{"date":321,"score":206,"percentile":322},"2025-12-14",0.78769,{"date":324,"score":206,"percentile":325},"2025-12-15",0.78768,{"date":327,"score":206,"percentile":328},"2025-12-16",0.78779,{"date":330,"score":206,"percentile":331},"2025-12-17",0.78787,{"date":333,"score":206,"percentile":334},"2025-12-18",0.78805,{"date":336,"score":206,"percentile":337},"2025-12-19",0.78817,{"date":339,"score":206,"percentile":340},"2025-12-20",0.78812,{"date":342,"score":206,"percentile":343},"2025-12-21",0.78803,{"date":345,"score":206,"percentile":346},"2025-12-22",0.78804,{"date":348,"score":206,"percentile":346},"2025-12-23",{"date":350,"score":206,"percentile":351},"2025-12-24",0.78816,{"date":353,"score":206,"percentile":354},"2025-12-25",0.78835,{"date":356,"score":206,"percentile":357},"2025-12-26",0.78832,{"date":359,"score":360,"percentile":361},"2025-12-27",0.01086,0.7744,{"date":363,"score":206,"percentile":364},"2025-12-28",0.78822,{"date":366,"score":206,"percentile":351},"2025-12-29",{"date":368,"score":206,"percentile":364},"2025-12-30",{"date":370,"score":206,"percentile":371},"2025-12-31",0.78838,{"date":373,"score":286,"percentile":374},"2026-01-01",0.85663,{"date":376,"score":286,"percentile":377},"2026-01-02",0.85666,{"date":379,"score":286,"percentile":380},"2026-01-03",0.85664,{"date":382,"score":206,"percentile":383},"2026-01-04",0.7883,{"date":385,"score":206,"percentile":386},"2026-01-05",0.78826,{"date":388,"score":206,"percentile":389},"2026-01-06",0.78833,{"date":391,"score":206,"percentile":392},"2026-01-07",0.7884,{"date":394,"score":206,"percentile":395},"2026-01-08",0.78848,{"date":397,"score":206,"percentile":398},"2026-01-09",0.7885,{"date":400,"score":206,"percentile":401},"2026-01-10",0.78853,{"date":403,"score":206,"percentile":404},"2026-01-11",0.78846,{"date":406,"score":206,"percentile":407},"2026-01-12",0.78836,{"date":409,"score":206,"percentile":410},"2026-01-13",0.78831,{"date":412,"score":206,"percentile":413},"2026-01-14",0.78852,{"date":415,"score":206,"percentile":401},"2026-01-15",{"date":417,"score":206,"percentile":418},"2026-01-16",0.78859,{"date":420,"score":206,"percentile":421},"2026-01-17",0.78866,{"date":423,"score":206,"percentile":424},"2026-01-18",0.78862,{"date":426,"score":206,"percentile":427},"2026-01-19",0.7886,{"date":429,"score":206,"percentile":430},"2026-01-20",0.78858,{"date":432,"score":206,"percentile":433},"2026-01-21",0.78863,{"date":435,"score":206,"percentile":436},"2026-01-22",0.78873,{"date":438,"score":206,"percentile":439},"2026-01-23",0.789,{"date":441,"score":206,"percentile":442},"2026-01-24",0.78911,{"date":444,"score":206,"percentile":445},"2026-01-25",0.78905,{"date":447,"score":206,"percentile":448},"2026-01-26",0.78901,{"date":450,"score":206,"percentile":451},"2026-01-27",0.78903,{"date":453,"score":206,"percentile":445},"2026-01-28",{"date":455,"score":206,"percentile":439},"2026-01-29",{"date":457,"score":458,"percentile":459},"2026-01-30",0.01344,0.79669,{"date":461,"score":458,"percentile":462},"2026-01-31",0.79673,{"date":464,"score":465,"percentile":466},"2026-02-01",0.02981,0.86232,[468],{"source":102,"cvss_v2_0":469,"cvss_v3_0":474,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":470,"baseSeverity":9,"vectorString":471,"impactScore":472,"exploitabilityScore":473},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":100,"baseSeverity":475,"vectorString":103,"impactScore":476,"exploitabilityScore":473},"CRITICAL",8.7,[478,491,502],{"ecosystem":9,"name":479,"vendor":480,"product":481,"cpe_part":482,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":483},"ubuntu linux","canonical","ubuntu_linux","o",[484,487,489],{"version":485,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":488,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":490,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"17.10",{"ecosystem":9,"name":492,"vendor":493,"product":494,"cpe_part":482,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":495},"debian linux","debian","debian_linux",[496,498,500],{"version":497,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":499,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":501,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":503,"vendor":504,"product":503,"cpe_part":505,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":506},"ruby","ruby-lang","a",[507,512,517,521,525],{"version":508,"is_range":509,"range_type":486,"version_start":9,"version_start_type":9,"version_end":510,"version_end_type":511,"fixed_in":9},"lt2.2.10",true,"2.2.10","excluding",{"version":513,"is_range":509,"range_type":486,"version_start":514,"version_start_type":515,"version_end":516,"version_end_type":511,"fixed_in":9},"gte2.3.0_lt2.3.7","2.3.0","including","2.3.7",{"version":518,"is_range":509,"range_type":486,"version_start":519,"version_start_type":515,"version_end":520,"version_end_type":511,"fixed_in":9},"gte2.4.0_lt2.4.4","2.4.0","2.4.4",{"version":522,"is_range":509,"range_type":486,"version_start":523,"version_start_type":515,"version_end":524,"version_end_type":511,"fixed_in":9},"gte2.5.0_lt2.5.1","2.5.0","2.5.1",{"version":526,"is_range":96,"range_type":486,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.0:preview1"]