[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-25613":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":79,"related":80,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":99,"kevs":138,"epss":139,"epss_history":142,"metrics":402,"affected":412},"CVE-2020-25613","An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[],[],[31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77],{"_key":32},"ALPINE-CVE-2020-25613",{"_key":34},"SUSE-SU-2021:0933-1",{"_key":36},"SUSE-SU-2021:3837-1",{"_key":38},"OPENSUSE-SU-2021:0471-1",{"_key":40},"OPENSUSE-SU-2024:11310-1",{"_key":42},"DLA-2391-1",{"_key":44},"DLA-2392-1",{"_key":46},"DLA-3408-1",{"_key":48},"MGASA-2020-0423",{"_key":50},"MGASA-2020-0440",{"_key":52},"UBUNTU-CVE-2020-25613",{"_key":54},"RHSA-2021:2229",{"_key":56},"RHSA-2021:2584",{"_key":58},"USN-4882-1",{"_key":60},"DEBIAN-CVE-2020-25613",{"_key":62},"RHSA-2021:2104",{"_key":64},"RHSA-2021:2230",{"_key":66},"RHSA-2021:2587",{"_key":68},"RHSA-2021:2588",{"_key":70},"RHSA-2022:0581",{"_key":72},"RHSA-2022:0582",{"_key":74},"RHSA-2026:7305",{"_key":76},"RHSA-2026:7307",{"_key":78},"RHSA-2026:8838",[],[81,82,83,84,85,86],{"_key":48},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":50},"2020-10-06T00:00:00.000Z","2024-08-04T15:33:05.751Z","Modified",{"cisa_kev":91,"cisa_ransomware":91,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":94,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":89},false,"low",0.00275,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[100,107,112,117,121,125,129,134],{"url":101,"sources":102,"tags":104},"https://hackerone.com/reports/965267",[103,97],"cve.org",[105,106],"Permissions Required","Third Party Advisory",{"url":108,"sources":109,"tags":110},"https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/",[103,97],[111],"Vendor Advisory",{"url":113,"sources":114,"tags":115},"https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7",[103,97],[116,106],"Patch",{"url":118,"sources":119,"tags":120},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/",[103,97],[111],{"url":122,"sources":123,"tags":124},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/",[103,97],[111],{"url":126,"sources":127,"tags":128},"https://security.netapp.com/advisory/ntap-20210115-0008/",[103,97],[106],{"url":130,"sources":131,"tags":132},"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html",[103,97],[133],"Mailing List",{"url":135,"sources":136,"tags":137},"https://security.gentoo.org/glsa/202401-27",[103,97],[111],[],{"date":140,"score":93,"percentile":141},"2026-06-04",0.51145,[143,147,150,153,156,159,162,165,168,171,174,177,180,183,186,190,193,196,199,202,205,208,211,213,216,219,222,225,227,230,233,235,238,241,244,247,250,253,256,259,262,265,267,270,273,276,278,281,284,287,290,292,295,297,301,304,306,309,311,314,317,320,322,325,328,330,332,335,338,341,344,347,350,353,356,359,362,364,367,369,372,375,379,382,385,388,391,393,396,399],{"date":144,"score":145,"percentile":146},"2025-11-04",0.00271,0.50349,{"date":148,"score":145,"percentile":149},"2025-11-05",0.50334,{"date":151,"score":145,"percentile":152},"2025-11-06",0.50344,{"date":154,"score":145,"percentile":155},"2025-11-07",0.50371,{"date":157,"score":145,"percentile":158},"2025-11-08",0.50372,{"date":160,"score":145,"percentile":161},"2025-11-09",0.50359,{"date":163,"score":145,"percentile":164},"2025-11-10",0.50328,{"date":166,"score":145,"percentile":167},"2025-11-11",0.50342,{"date":169,"score":145,"percentile":170},"2025-11-12",0.50368,{"date":172,"score":145,"percentile":173},"2025-11-13",0.50373,{"date":175,"score":145,"percentile":176},"2025-11-14",0.50382,{"date":178,"score":145,"percentile":179},"2025-11-15",0.50375,{"date":181,"score":145,"percentile":182},"2025-11-16",0.50355,{"date":184,"score":145,"percentile":185},"2025-11-17",0.50331,{"date":187,"score":188,"percentile":189},"2025-11-18",0.03203,0.8578,{"date":191,"score":188,"percentile":192},"2025-11-19",0.85782,{"date":194,"score":188,"percentile":195},"2025-11-20",0.85783,{"date":197,"score":145,"percentile":198},"2025-11-21",0.50339,{"date":200,"score":145,"percentile":201},"2025-11-22",0.50333,{"date":203,"score":145,"percentile":204},"2025-11-23",0.50294,{"date":206,"score":145,"percentile":207},"2025-11-24",0.50283,{"date":209,"score":145,"percentile":210},"2025-11-25",0.50291,{"date":212,"score":145,"percentile":207},"2025-11-26",{"date":214,"score":145,"percentile":215},"2025-11-27",0.50288,{"date":217,"score":145,"percentile":218},"2025-11-28",0.50256,{"date":220,"score":145,"percentile":221},"2025-11-29",0.50234,{"date":223,"score":145,"percentile":224},"2025-11-30",0.50221,{"date":226,"score":145,"percentile":155},"2025-12-01",{"date":228,"score":145,"percentile":229},"2025-12-02",0.5039,{"date":231,"score":145,"percentile":232},"2025-12-03",0.50387,{"date":234,"score":145,"percentile":221},"2025-12-04",{"date":236,"score":145,"percentile":237},"2025-12-05",0.50257,{"date":239,"score":145,"percentile":240},"2025-12-06",0.50253,{"date":242,"score":145,"percentile":243},"2025-12-07",0.50245,{"date":245,"score":145,"percentile":246},"2025-12-08",0.50239,{"date":248,"score":145,"percentile":249},"2025-12-09",0.50259,{"date":251,"score":145,"percentile":252},"2025-12-10",0.50326,{"date":254,"score":145,"percentile":255},"2025-12-11",0.50345,{"date":257,"score":145,"percentile":258},"2025-12-12",0.50374,{"date":260,"score":145,"percentile":261},"2025-12-13",0.5036,{"date":263,"score":145,"percentile":264},"2025-12-14",0.50343,{"date":266,"score":145,"percentile":252},"2025-12-15",{"date":268,"score":145,"percentile":269},"2025-12-16",0.50336,{"date":271,"score":145,"percentile":272},"2025-12-17",0.50364,{"date":274,"score":145,"percentile":275},"2025-12-18",0.50404,{"date":277,"score":145,"percentile":275},"2025-12-19",{"date":279,"score":145,"percentile":280},"2025-12-20",0.50365,{"date":282,"score":145,"percentile":283},"2025-12-21",0.50338,{"date":285,"score":145,"percentile":286},"2025-12-22",0.50319,{"date":288,"score":145,"percentile":289},"2025-12-23",0.50316,{"date":291,"score":145,"percentile":252},"2025-12-24",{"date":293,"score":145,"percentile":294},"2025-12-25",0.50376,{"date":296,"score":145,"percentile":280},"2025-12-26",{"date":298,"score":299,"percentile":300},"2025-12-27",0.00186,0.40745,{"date":302,"score":145,"percentile":303},"2025-12-28",0.50308,{"date":305,"score":145,"percentile":204},"2025-12-29",{"date":307,"score":145,"percentile":308},"2025-12-30",0.5029,{"date":310,"score":145,"percentile":164},"2025-12-31",{"date":312,"score":145,"percentile":313},"2026-01-01",0.5049,{"date":315,"score":145,"percentile":316},"2026-01-02",0.5047,{"date":318,"score":145,"percentile":319},"2026-01-03",0.50465,{"date":321,"score":145,"percentile":210},"2026-01-04",{"date":323,"score":145,"percentile":324},"2026-01-05",0.50274,{"date":326,"score":145,"percentile":327},"2026-01-06",0.50282,{"date":329,"score":145,"percentile":204},"2026-01-07",{"date":331,"score":145,"percentile":286},"2026-01-08",{"date":333,"score":145,"percentile":334},"2026-01-09",0.50302,{"date":336,"score":145,"percentile":337},"2026-01-10",0.50298,{"date":339,"score":145,"percentile":340},"2026-01-11",0.50279,{"date":342,"score":145,"percentile":343},"2026-01-12",0.50236,{"date":345,"score":145,"percentile":346},"2026-01-13",0.50213,{"date":348,"score":145,"percentile":349},"2026-01-14",0.50262,{"date":351,"score":145,"percentile":352},"2026-01-15",0.50266,{"date":354,"score":145,"percentile":355},"2026-01-16",0.50287,{"date":357,"score":145,"percentile":358},"2026-01-17",0.50265,{"date":360,"score":145,"percentile":361},"2026-01-18",0.5024,{"date":363,"score":145,"percentile":346},"2026-01-19",{"date":365,"score":145,"percentile":366},"2026-01-20",0.50212,{"date":368,"score":145,"percentile":346},"2026-01-21",{"date":370,"score":145,"percentile":371},"2026-01-22",0.50219,{"date":373,"score":145,"percentile":374},"2026-01-23",0.50268,{"date":376,"score":377,"percentile":378},"2026-01-24",0.00202,0.42337,{"date":380,"score":377,"percentile":381},"2026-01-25",0.42286,{"date":383,"score":377,"percentile":384},"2026-01-26",0.42245,{"date":386,"score":377,"percentile":387},"2026-01-27",0.42246,{"date":389,"score":377,"percentile":390},"2026-01-28",0.42243,{"date":392,"score":145,"percentile":366},"2026-01-29",{"date":394,"score":145,"percentile":395},"2026-01-30",0.50215,{"date":397,"score":145,"percentile":398},"2026-01-31",0.50222,{"date":400,"score":145,"percentile":401},"2026-02-01",0.50358,[403],{"source":97,"cvss_v2_0":404,"cvss_v3_0":9,"cvss_v3_1":409,"cvss_v4_0":9},{"baseScore":405,"baseSeverity":9,"vectorString":406,"impactScore":407,"exploitabilityScore":408},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":95,"baseSeverity":410,"vectorString":98,"impactScore":411,"exploitabilityScore":408},"HIGH",6,[413,423,441],{"ecosystem":9,"name":414,"vendor":415,"product":414,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":417},"fedora","fedoraproject","o",[418,421],{"version":419,"is_range":91,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32","cpe",{"version":422,"is_range":91,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":424,"vendor":425,"product":424,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"ruby","ruby-lang","a",[428,433,437],{"version":429,"is_range":430,"range_type":420,"version_start":9,"version_start_type":9,"version_end":431,"version_end_type":432,"fixed_in":9},"lte2.5.8",true,"2.5.8","including",{"version":434,"is_range":430,"range_type":420,"version_start":435,"version_start_type":432,"version_end":436,"version_end_type":432,"fixed_in":9},"gte2.6.0_lte2.6.6","2.6.0","2.6.6",{"version":438,"is_range":430,"range_type":420,"version_start":439,"version_start_type":432,"version_end":440,"version_end_type":432,"fixed_in":9},"gte2.7.0_lte2.7.1","2.7.0","2.7.1",{"ecosystem":9,"name":442,"vendor":425,"product":442,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":443},"webrick",[444],{"version":445,"is_range":430,"range_type":420,"version_start":9,"version_start_type":9,"version_end":446,"version_end_type":432,"fixed_in":9},"lte1.6.0","1.6.0"]