{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"rubygem-addressable security update", "category":"general", "title":"Synopsis" }, { "text":"An update for rubygem-addressable is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Addressable is a replacement for the URI implementation that is part of Ruby's standard library. It more closely conforms to the relevant RFCs and adds support for URI and URL templates.\n\nSecurity Fix(es):\n\nWithin the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking:\n\n1. Templates using the `*` (explode) modifier with any expansion operator (e.g., `{foo*}`, `{+var*}`, `{#var*}`, `{/var*}`, `{.var*}`, `{;var*}`, `{?var*}`, `{&var*}`) generate patterns with nested unbounded quantifiers that are O(2^n) when matched against a maliciously crafted URI.\n2. Templates using multiple variables with the `+` or `#` operators (e.g., `{+v1,v2,v3}`) generate patterns with O(n^k) complexity due to the comma separator being within the matched character class, causing ambiguous backtracking across k variables.\n\nWhen matched against a maliciously crafted URI, this can result in catastrophic backtracking and uncontrolled resource consumption, leading to denial of service. The first pattern was partially addressed in 2.8.10 for certain operator combinations. Both patterns are fully remediated in 2.9.0.\n\nUsers of the URI parsing capabilities in Addressable but not the URI template matching capabilities are unaffected.(CVE-2026-35611)", "category":"general", "title":"Description" }, { "text":"An update for rubygem-addressable is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"rubygem-addressable", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1967", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1967" }, { "summary":"CVE-2026-35611", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-35611&packageName=rubygem-addressable" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35611" }, { "summary":"openEuler-SA-2026-1967 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1967.json" } ], "title":"An update for rubygem-addressable is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2026-04-17T21:04:34+08:00", "revision_history":[ { "date":"2026-04-17T21:04:34+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-17T21:04:34+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-17T21:04:34+08:00", "id":"openEuler-SA-2026-1967", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403sp1.noarch.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403sp1.noarch.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch.rpm", "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch.rpm" }, "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403sp2.noarch.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403sp2.noarch.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch.rpm", "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch.rpm" }, "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403sp3.noarch.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403sp3.noarch.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch.rpm", "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch.rpm" }, "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"rubygem-addressable-2.5.2-3.oe2003sp4.noarch.rpm", "name":"rubygem-addressable-2.5.2-3.oe2003sp4.noarch.rpm" }, "name":"rubygem-addressable-2.5.2-3.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch.rpm", "name":"rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch.rpm" }, "name":"rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"rubygem-addressable-2.8.0-2.oe2203sp4.noarch.rpm", "name":"rubygem-addressable-2.8.0-2.oe2203sp4.noarch.rpm" }, "name":"rubygem-addressable-2.8.0-2.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch.rpm", "name":"rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch.rpm" }, "name":"rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403.noarch.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403.noarch.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"rubygem-addressable-doc-2.8.6-2.oe2403.noarch.rpm", "name":"rubygem-addressable-doc-2.8.6-2.oe2403.noarch.rpm" }, "name":"rubygem-addressable-doc-2.8.6-2.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403sp1.src.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403sp1.src.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403sp1.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403sp2.src.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403sp2.src.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403sp2.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403sp3.src.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403sp3.src.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403sp3.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"rubygem-addressable-2.5.2-3.oe2003sp4.src.rpm", "name":"rubygem-addressable-2.5.2-3.oe2003sp4.src.rpm" }, "name":"rubygem-addressable-2.5.2-3.oe2003sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"rubygem-addressable-2.8.0-2.oe2203sp4.src.rpm", "name":"rubygem-addressable-2.8.0-2.oe2203sp4.src.rpm" }, "name":"rubygem-addressable-2.8.0-2.oe2203sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"rubygem-addressable-2.8.6-2.oe2403.src.rpm", "name":"rubygem-addressable-2.8.6-2.oe2403.src.rpm" }, "name":"rubygem-addressable-2.8.6-2.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rubygem-addressable-2.8.6-2.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rubygem-addressable-2.8.6-2.oe2403sp1.noarch", "name":"rubygem-addressable-2.8.6-2.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch", "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"rubygem-addressable-2.8.6-2.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:rubygem-addressable-2.8.6-2.oe2403sp2.noarch", "name":"rubygem-addressable-2.8.6-2.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch", "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rubygem-addressable-2.8.6-2.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rubygem-addressable-2.8.6-2.oe2403sp3.noarch", "name":"rubygem-addressable-2.8.6-2.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch", "name":"rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"rubygem-addressable-2.5.2-3.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:rubygem-addressable-2.5.2-3.oe2003sp4.noarch", "name":"rubygem-addressable-2.5.2-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch", "name":"rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"rubygem-addressable-2.8.0-2.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:rubygem-addressable-2.8.0-2.oe2203sp4.noarch", "name":"rubygem-addressable-2.8.0-2.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch", "name":"rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"rubygem-addressable-2.8.6-2.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:rubygem-addressable-2.8.6-2.oe2403.noarch", "name":"rubygem-addressable-2.8.6-2.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"rubygem-addressable-doc-2.8.6-2.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:rubygem-addressable-doc-2.8.6-2.oe2403.noarch", "name":"rubygem-addressable-doc-2.8.6-2.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"rubygem-addressable-2.8.6-2.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:rubygem-addressable-2.8.6-2.oe2403sp1.src", "name":"rubygem-addressable-2.8.6-2.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"rubygem-addressable-2.8.6-2.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:rubygem-addressable-2.8.6-2.oe2403sp2.src", "name":"rubygem-addressable-2.8.6-2.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"rubygem-addressable-2.8.6-2.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:rubygem-addressable-2.8.6-2.oe2403sp3.src", "name":"rubygem-addressable-2.8.6-2.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"rubygem-addressable-2.5.2-3.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:rubygem-addressable-2.5.2-3.oe2003sp4.src", "name":"rubygem-addressable-2.5.2-3.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"rubygem-addressable-2.8.0-2.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:rubygem-addressable-2.8.0-2.oe2203sp4.src", "name":"rubygem-addressable-2.8.0-2.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"rubygem-addressable-2.8.6-2.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:rubygem-addressable-2.8.6-2.oe2403.src", "name":"rubygem-addressable-2.8.6-2.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-35611", "notes":[ { "text":"Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking:\n\n1. Templates using the `*` (explode) modifier with any expansion operator (e.g., `{foo*}`, `{+var*}`, `{#var*}`, `{/var*}`, `{.var*}`, `{;var*}`, `{?var*}`, `{&var*}`) generate patterns with nested unbounded quantifiers that are O(2^n) when matched against a maliciously crafted URI.\n2. Templates using multiple variables with the `+` or `#` operators (e.g., `{+v1,v2,v3}`) generate patterns with O(n^k) complexity due to the comma separator being within the matched character class, causing ambiguous backtracking across k variables.\n\nWhen matched against a maliciously crafted URI, this can result in catastrophic backtracking and uncontrolled resource consumption, leading to denial of service. The first pattern was partially addressed in 2.8.10 for certain operator combinations. Both patterns are fully remediated in 2.9.0.\n\nUsers of the URI parsing capabilities in Addressable but not the URI template matching capabilities are unaffected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:rubygem-addressable-2.8.6-2.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:rubygem-addressable-doc-2.8.6-2.oe2403sp1.noarch", "openEuler-24.03-LTS-SP2:rubygem-addressable-2.8.6-2.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:rubygem-addressable-doc-2.8.6-2.oe2403sp2.noarch", "openEuler-24.03-LTS-SP3:rubygem-addressable-2.8.6-2.oe2403sp3.noarch", "openEuler-24.03-LTS-SP3:rubygem-addressable-doc-2.8.6-2.oe2403sp3.noarch", "openEuler-20.03-LTS-SP4:rubygem-addressable-2.5.2-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:rubygem-addressable-doc-2.5.2-3.oe2003sp4.noarch", "openEuler-22.03-LTS-SP4:rubygem-addressable-2.8.0-2.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:rubygem-addressable-doc-2.8.0-2.oe2203sp4.noarch", "openEuler-24.03-LTS:rubygem-addressable-2.8.6-2.oe2403.noarch", "openEuler-24.03-LTS:rubygem-addressable-doc-2.8.6-2.oe2403.noarch", "openEuler-24.03-LTS-SP1:rubygem-addressable-2.8.6-2.oe2403sp1.src", "openEuler-24.03-LTS-SP2:rubygem-addressable-2.8.6-2.oe2403sp2.src", "openEuler-24.03-LTS-SP3:rubygem-addressable-2.8.6-2.oe2403sp3.src", "openEuler-20.03-LTS-SP4:rubygem-addressable-2.5.2-3.oe2003sp4.src", "openEuler-22.03-LTS-SP4:rubygem-addressable-2.8.0-2.oe2203sp4.src", "openEuler-24.03-LTS:rubygem-addressable-2.8.6-2.oe2403.src" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"rubygem-addressable security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1967" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-35611" } ] }