[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-36327":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":36,"duplicate_of":9,"upstream":37,"downstream":38,"duplicates":73,"related":74,"reserved_at":9,"published_at":78,"modified_at":79,"state":80,"summary":81,"references_raw":88,"kevs":120,"epss":121,"epss_history":124,"metrics":377,"affected":388},"CVE-2020-36327","Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every \"Dependency Confusion\" issue in every product.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[19,28],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RUBYGEMS_RUBYGEMS","Rubygems","github","https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32","poc",0.3,false,[],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":26,"type":9,"platforms":35,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_2233F96E8716C8BB","Exploit Reference (zofrex.com)","reference","https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/","unknown",0.2,[],[],[],[39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71],{"_key":40},"RHSA-2022:0545",{"_key":42},"RHSA-2022:0546",{"_key":44},"RHSA-2022:0547",{"_key":46},"RHSA-2022:0548",{"_key":48},"UBUNTU-CVE-2020-36327",{"_key":50},"SUSE-SU-2025:1294-1",{"_key":52},"MGASA-2021-0579",{"_key":54},"SUSE-SU-2026:1355-1",{"_key":56},"RHSA-2021:3020",{"_key":58},"RHSA-2021:3559",{"_key":60},"RHSA-2021:3982",{"_key":62},"DEBIAN-CVE-2020-36327",{"_key":64},"RHSA-2022:0543",{"_key":66},"RHSA-2022:0544",{"_key":68},"RHSA-2022:0581",{"_key":70},"RHSA-2022:0582",{"_key":72},"RHSA-2022:0708",[],[75,76,77],{"_key":50},{"_key":52},{"_key":54},"2021-04-29T02:28:54.000Z","2024-08-04T17:23:10.451Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":82,"epss_score":83,"severity":82,"severity_score":84,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":80},"high",0.25071,9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[89,98,104,108,112,115],{"url":90,"sources":91,"tags":93},"https://github.com/rubygems/rubygems/issues/3982",[92,86],"cve.org",[94,95,96,97],"X Refsource MISC","Exploit","Issue Tracking","Third Party Advisory",{"url":99,"sources":100,"tags":101},"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24105",[92,86],[94,102,103],"Patch","Vendor Advisory",{"url":105,"sources":106,"tags":107},"https://bundler.io/blog/2021/02/15/a-more-secure-bundler-we-fixed-our-source-priorities.html",[92,86],[94,103],{"url":109,"sources":110,"tags":111},"https://mensfeld.pl/2021/02/rubygems-dependency-confusion-attack-side-of-things/",[92,86],[94,97],{"url":32,"sources":113,"tags":114},[92,86],[94,95,97],{"url":116,"sources":117,"tags":118},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/",[92,86],[103,119],"X Refsource FEDORA",[],{"date":122,"score":83,"percentile":123},"2026-06-04",0.96282,[125,129,132,135,138,141,144,146,148,151,154,157,160,162,164,168,171,174,177,180,183,186,189,192,195,197,200,202,206,209,212,214,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,266,269,272,275,278,281,284,286,288,291,294,297,299,302,305,307,309,311,313,316,318,321,323,325,327,330,333,336,338,340,343,346,349,352,355,358,362,365,368,370,373],{"date":126,"score":127,"percentile":128},"2025-11-04",0.15566,0.94384,{"date":130,"score":127,"percentile":131},"2025-11-05",0.94383,{"date":133,"score":127,"percentile":134},"2025-11-06",0.94385,{"date":136,"score":127,"percentile":137},"2025-11-07",0.94388,{"date":139,"score":127,"percentile":140},"2025-11-08",0.94389,{"date":142,"score":127,"percentile":143},"2025-11-09",0.94387,{"date":145,"score":127,"percentile":137},"2025-11-10",{"date":147,"score":127,"percentile":140},"2025-11-11",{"date":149,"score":127,"percentile":150},"2025-11-12",0.94394,{"date":152,"score":127,"percentile":153},"2025-11-13",0.94395,{"date":155,"score":127,"percentile":156},"2025-11-14",0.94396,{"date":158,"score":127,"percentile":159},"2025-11-15",0.94392,{"date":161,"score":127,"percentile":156},"2025-11-16",{"date":163,"score":127,"percentile":156},"2025-11-17",{"date":165,"score":166,"percentile":167},"2025-11-18",0.06444,0.90122,{"date":169,"score":166,"percentile":170},"2025-11-19",0.90126,{"date":172,"score":166,"percentile":173},"2025-11-20",0.90129,{"date":175,"score":127,"percentile":176},"2025-11-21",0.94407,{"date":178,"score":127,"percentile":179},"2025-11-22",0.94405,{"date":181,"score":127,"percentile":182},"2025-11-23",0.94406,{"date":184,"score":127,"percentile":185},"2025-11-24",0.94408,{"date":187,"score":127,"percentile":188},"2025-11-25",0.9441,{"date":190,"score":127,"percentile":191},"2025-11-26",0.94412,{"date":193,"score":127,"percentile":194},"2025-11-27",0.94414,{"date":196,"score":127,"percentile":188},"2025-11-28",{"date":198,"score":127,"percentile":199},"2025-11-29",0.94413,{"date":201,"score":127,"percentile":191},"2025-11-30",{"date":203,"score":204,"percentile":205},"2025-12-01",0.12086,0.93562,{"date":207,"score":204,"percentile":208},"2025-12-02",0.93566,{"date":210,"score":204,"percentile":211},"2025-12-03",0.93568,{"date":213,"score":127,"percentile":188},"2025-12-04",{"date":215,"score":127,"percentile":191},"2025-12-05",{"date":217,"score":127,"percentile":218},"2025-12-06",0.94411,{"date":220,"score":127,"percentile":221},"2025-12-07",0.94416,{"date":223,"score":127,"percentile":224},"2025-12-08",0.94417,{"date":226,"score":127,"percentile":227},"2025-12-09",0.94422,{"date":229,"score":127,"percentile":230},"2025-12-10",0.9443,{"date":232,"score":127,"percentile":233},"2025-12-11",0.94433,{"date":235,"score":127,"percentile":236},"2025-12-12",0.94435,{"date":238,"score":127,"percentile":239},"2025-12-13",0.94436,{"date":241,"score":127,"percentile":242},"2025-12-14",0.94434,{"date":244,"score":127,"percentile":245},"2025-12-15",0.94438,{"date":247,"score":127,"percentile":248},"2025-12-16",0.94441,{"date":250,"score":127,"percentile":251},"2025-12-17",0.94444,{"date":253,"score":127,"percentile":254},"2025-12-18",0.94447,{"date":256,"score":127,"percentile":257},"2025-12-19",0.94448,{"date":259,"score":127,"percentile":260},"2025-12-20",0.94449,{"date":262,"score":127,"percentile":263},"2025-12-21",0.94451,{"date":265,"score":127,"percentile":263},"2025-12-22",{"date":267,"score":127,"percentile":268},"2025-12-23",0.9445,{"date":270,"score":127,"percentile":271},"2025-12-24",0.94456,{"date":273,"score":127,"percentile":274},"2025-12-25",0.94463,{"date":276,"score":127,"percentile":277},"2025-12-26",0.94461,{"date":279,"score":127,"percentile":280},"2025-12-27",0.9449,{"date":282,"score":127,"percentile":283},"2025-12-28",0.9446,{"date":285,"score":127,"percentile":283},"2025-12-29",{"date":287,"score":127,"percentile":277},"2025-12-30",{"date":289,"score":127,"percentile":290},"2025-12-31",0.94465,{"date":292,"score":204,"percentile":293},"2026-01-01",0.93604,{"date":295,"score":204,"percentile":296},"2026-01-02",0.93601,{"date":298,"score":204,"percentile":296},"2026-01-03",{"date":300,"score":127,"percentile":301},"2026-01-04",0.94459,{"date":303,"score":127,"percentile":304},"2026-01-05",0.94455,{"date":306,"score":127,"percentile":304},"2026-01-06",{"date":308,"score":127,"percentile":304},"2026-01-07",{"date":310,"score":127,"percentile":283},"2026-01-08",{"date":312,"score":127,"percentile":277},"2026-01-09",{"date":314,"score":127,"percentile":315},"2026-01-10",0.94462,{"date":317,"score":127,"percentile":301},"2026-01-11",{"date":319,"score":127,"percentile":320},"2026-01-12",0.94457,{"date":322,"score":127,"percentile":301},"2026-01-13",{"date":324,"score":127,"percentile":274},"2026-01-14",{"date":326,"score":127,"percentile":274},"2026-01-15",{"date":328,"score":127,"percentile":329},"2026-01-16",0.94467,{"date":331,"score":127,"percentile":332},"2026-01-17",0.9447,{"date":334,"score":127,"percentile":335},"2026-01-18",0.94468,{"date":337,"score":127,"percentile":290},"2026-01-19",{"date":339,"score":127,"percentile":332},"2026-01-20",{"date":341,"score":127,"percentile":342},"2026-01-21",0.94471,{"date":344,"score":127,"percentile":345},"2026-01-22",0.94474,{"date":347,"score":127,"percentile":348},"2026-01-23",0.94482,{"date":350,"score":127,"percentile":351},"2026-01-24",0.94486,{"date":353,"score":127,"percentile":354},"2026-01-25",0.94487,{"date":356,"score":127,"percentile":357},"2026-01-26",0.94489,{"date":359,"score":360,"percentile":361},"2026-01-27",0.19778,0.95267,{"date":363,"score":360,"percentile":364},"2026-01-28",0.95269,{"date":366,"score":360,"percentile":367},"2026-01-29",0.95272,{"date":369,"score":360,"percentile":367},"2026-01-30",{"date":371,"score":360,"percentile":372},"2026-01-31",0.95273,{"date":374,"score":375,"percentile":376},"2026-02-01",0.1557,0.94532,[378],{"source":86,"cvss_v2_0":379,"cvss_v3_0":9,"cvss_v3_1":382,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":9,"vectorString":87,"impactScore":380,"exploitabilityScore":381},10,8.6,{"baseScore":383,"baseSeverity":384,"vectorString":385,"impactScore":386,"exploitabilityScore":387},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,7.2,[389,405,412],{"ecosystem":9,"name":390,"vendor":390,"product":390,"cpe_part":391,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":392},"bundler","a",[393,401],{"version":394,"is_range":395,"range_type":396,"version_start":397,"version_start_type":398,"version_end":399,"version_end_type":400,"fixed_in":9},"gte1.16.0_lt2.2.10",true,"cpe","1.16.0","including","2.2.10","excluding",{"version":402,"is_range":395,"range_type":396,"version_start":403,"version_start_type":398,"version_end":404,"version_end_type":398,"fixed_in":9},"gte2.2.11_lte2.2.16","2.2.11","2.2.16",{"ecosystem":9,"name":406,"vendor":407,"product":406,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"fedora","fedoraproject","o",[410],{"version":411,"is_range":26,"range_type":396,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34",{"ecosystem":9,"name":413,"vendor":414,"product":415,"cpe_part":391,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":416},"package manager configurations","microsoft","package_manager_configurations",[417],{"version":418,"is_range":26,"range_type":396,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na"]