Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1051816?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "type": "deb", "namespace": "debian", "name": "haproxy", "version": "2.2.9-2+deb11u6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.16-1", "latest_non_vulnerable_version": "3.2.16-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70418?format=api", "vulnerability_id": "VCID-2zm3-vw55-k3af", "summary": "haproxy: Buffer Overflow via Improper Back-Reference Replacement Length Check", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87343", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87318", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87335", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87341", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87302", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87305", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.8732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87324", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102673", "reference_id": "1102673", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102673" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358543", "reference_id": "2358543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358543" }, { "reference_url": "https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559", "reference_id": "3e3b9eebf871510aee36c3a3336faac2f38c9559", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T19:23:34Z/" } ], "url": "https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559" }, { "reference_url": "https://usn.ubuntu.com/7431-1/", "reference_id": "USN-7431-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7431-1/" }, { "reference_url": "https://usn.ubuntu.com/7431-2/", "reference_id": "USN-7431-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7431-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1057024?format=api", "purl": "pkg:deb/debian/haproxy@2.6.12-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mfq-cvmr-nbf8" }, { "vulnerability": "VCID-97wa-uwp2-57gu" }, { "vulnerability": "VCID-rj2h-pnmf-mufp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.6.12-1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-32464" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zm3-vw55-k3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351730?format=api", "vulnerability_id": "VCID-97wa-uwp2-57gu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33555.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33555.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01435", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01709", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01703", "published_at": "2026-04-26T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00805", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00801", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33555" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/haproxy/haproxy/commit/05a295441c621089ffa4318daf0dbca2dd756a84", "reference_id": "05a295441c621089ffa4318daf0dbca2dd756a84", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:21:23Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T18:42:59Z/" } ], "url": "https://github.com/haproxy/haproxy/commit/05a295441c621089ffa4318daf0dbca2dd756a84" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457920", "reference_id": "2457920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457920" }, { "reference_url": "https://www.haproxy.com/documentation/haproxy-aloha/changelog/", "reference_id": "changelog", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T18:42:59Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:21:23Z/" } ], "url": "https://www.haproxy.com/documentation/haproxy-aloha/changelog/" }, { "reference_url": "https://r3verii.github.io/cve/2026/04/14/haproxy-h3-standalone-fin-smuggling.html", "reference_id": "haproxy-h3-standalone-fin-smuggling.html", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T18:42:59Z/" } ], "url": "https://r3verii.github.io/cve/2026/04/14/haproxy-h3-standalone-fin-smuggling.html" }, { "reference_url": "https://www.mail-archive.com/haproxy@formilux.org/msg46752.html", "reference_id": "msg46752.html", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T18:42:59Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:21:23Z/" } ], "url": "https://www.mail-archive.com/haproxy@formilux.org/msg46752.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8749", "reference_id": "RHSA-2026:8749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8749" }, { "reference_url": "https://usn.ubuntu.com/8208-1/", "reference_id": "USN-8208-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8208-1/" }, { "reference_url": "https://www.haproxy.org", "reference_id": "www.haproxy.org", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T18:42:59Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:21:23Z/" } ], "url": "https://www.haproxy.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067265?format=api", "purl": "pkg:deb/debian/haproxy@3.2.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@3.2.15-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1089003?format=api", "purl": "pkg:deb/debian/haproxy@3.2.16-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@3.2.16-1" } ], "aliases": [ "CVE-2026-33555" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97wa-uwp2-57gu" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38409?format=api", "vulnerability_id": "VCID-4zyf-tsw1-8bfv", "summary": "A vulnerability in HAProxy might lead to remote execution of\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76385", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76389", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76418", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76399", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76471", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76449", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76488", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76474", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76509", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76515", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76528", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777584", "reference_id": "1777584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777584" }, { "reference_url": "https://security.gentoo.org/glsa/202004-01", "reference_id": "GLSA-202004-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1287", "reference_id": "RHSA-2020:1287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1725", "reference_id": "RHSA-2020:1725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1936", "reference_id": "RHSA-2020:1936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2265", "reference_id": "RHSA-2020:2265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2265" }, { "reference_url": "https://usn.ubuntu.com/4212-1/", "reference_id": "USN-4212-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4212-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037923?format=api", "purl": "pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-4zyf-tsw1-8bfv" }, { "vulnerability": "VCID-5q7p-8nxf-sfem" }, { "vulnerability": "VCID-93ba-zj92-zqf1" }, { "vulnerability": "VCID-9gwz-6dnd-r7fj" }, { "vulnerability": "VCID-a7s4-6k62-3qh2" }, { "vulnerability": "VCID-atwp-g4uy-3qgg" }, { "vulnerability": "VCID-bb8w-k2e1-xbht" }, { "vulnerability": "VCID-jz63-5mba-3qbx" }, { "vulnerability": "VCID-mrdn-6cwg-j3h8" }, { "vulnerability": "VCID-s86j-egny-77cu" }, { "vulnerability": "VCID-sy71-5m1g-2yav" }, { "vulnerability": "VCID-w1we-d8uq-s3hh" }, { "vulnerability": "VCID-ygb3-7kb1-tqbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2019-19330" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zyf-tsw1-8bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49894?format=api", "vulnerability_id": "VCID-5q7p-8nxf-sfem", "summary": "A buffer overflow in HAProxy might allow an attacker to execute\n arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html" }, { "reference_url": "http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11100.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11100.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11100", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98851", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98873", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98864", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.9887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98874", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.9886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.74791", "scoring_system": "epss", "scoring_elements": "0.98861", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11100" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1168023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1168023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88" }, { "reference_url": "https://lists.debian.org/debian-security-announce/2020/msg00052.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-security-announce/2020/msg00052.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4649", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4649" }, { "reference_url": "https://www.haproxy.org/download/2.1/src/CHANGELOG", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.haproxy.org/download/2.1/src/CHANGELOG" }, { "reference_url": "https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html" }, { "reference_url": "http://www.haproxy.org", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.haproxy.org" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819111", "reference_id": "1819111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819111" }, { "reference_url": "https://security.archlinux.org/ASA-202004-7", "reference_id": "ASA-202004-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-7" }, { "reference_url": "https://security.archlinux.org/AVG-1124", "reference_id": "AVG-1124", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1124" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11100", "reference_id": "CVE-2020-11100", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11100" }, { "reference_url": "https://security.gentoo.org/glsa/202012-22", "reference_id": "GLSA-202012-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1287", "reference_id": "RHSA-2020:1287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1288", "reference_id": "RHSA-2020:1288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1289", "reference_id": "RHSA-2020:1289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1290", "reference_id": "RHSA-2020:1290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1936", "reference_id": "RHSA-2020:1936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1936" }, { "reference_url": "https://usn.ubuntu.com/4321-1/", "reference_id": "USN-4321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037923?format=api", "purl": "pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-4zyf-tsw1-8bfv" }, { "vulnerability": "VCID-5q7p-8nxf-sfem" }, { "vulnerability": "VCID-93ba-zj92-zqf1" }, { "vulnerability": "VCID-9gwz-6dnd-r7fj" }, { "vulnerability": "VCID-a7s4-6k62-3qh2" }, { "vulnerability": "VCID-atwp-g4uy-3qgg" }, { "vulnerability": "VCID-bb8w-k2e1-xbht" }, { "vulnerability": "VCID-jz63-5mba-3qbx" }, { "vulnerability": "VCID-mrdn-6cwg-j3h8" }, { "vulnerability": "VCID-s86j-egny-77cu" }, { "vulnerability": "VCID-sy71-5m1g-2yav" }, { "vulnerability": "VCID-w1we-d8uq-s3hh" }, { "vulnerability": "VCID-ygb3-7kb1-tqbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2020-11100" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5q7p-8nxf-sfem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80084?format=api", "vulnerability_id": "VCID-93ba-zj92-zqf1", "summary": "haproxy: does not ensure that the scheme and path portions of a URI have the expected characters", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39240.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39240.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20318", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2014", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20178", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20173", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20461", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2052", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20245", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20384", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20413", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20312", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20303", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20301", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995104", "reference_id": "1995104", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995104" }, { "reference_url": "https://security.archlinux.org/AVG-2304", "reference_id": "AVG-2304", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4118", "reference_id": "RHSA-2021:4118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5208", "reference_id": "RHSA-2021:5208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5208" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2021-39240" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93ba-zj92-zqf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82099?format=api", "vulnerability_id": "VCID-9gwz-6dnd-r7fj", "summary": "haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated \"chunked\" value", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00019.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76525", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76666", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76615", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76647", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76653", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.7653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.7654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76572", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76582", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76609", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76581", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76623", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00967", "scoring_system": "epss", "scoring_elements": "0.76627", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=196a7df44d8129d1adc795da020b722614d6a581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=196a7df44d8129d1adc795da020b722614d6a581" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html" }, { "reference_url": "https://nathandavison.com/blog/haproxy-http-request-smuggling", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nathandavison.com/blog/haproxy-http-request-smuggling" }, { "reference_url": "https://www.mail-archive.com/haproxy%40formilux.org/msg34926.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mail-archive.com/haproxy%40formilux.org/msg34926.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759697", "reference_id": "1759697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759697" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18277", "reference_id": "CVE-2019-18277", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1287", "reference_id": "RHSA-2020:1287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1725", "reference_id": "RHSA-2020:1725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1936", "reference_id": "RHSA-2020:1936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2265", "reference_id": "RHSA-2020:2265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2265" }, { "reference_url": "https://usn.ubuntu.com/4174-1/", "reference_id": "USN-4174-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4174-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2019-18277" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gwz-6dnd-r7fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79633?format=api", "vulnerability_id": "VCID-a7s4-6k62-3qh2", "summary": "haproxy: Denial of service via set-cookie2 header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0711.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98521", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98523", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98529", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98532", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98533", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98538", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98539", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98542", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.66484", "scoring_system": "epss", "scoring_elements": "0.98543", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0711" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053666", "reference_id": "2053666", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1021", "reference_id": "RHSA-2022:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1153", "reference_id": "RHSA-2022:1153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1336", "reference_id": "RHSA-2022:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1620", "reference_id": "RHSA-2022:1620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1620" }, { "reference_url": "https://usn.ubuntu.com/5312-1/", "reference_id": "USN-5312-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5312-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2022-0711" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7s4-6k62-3qh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80086?format=api", "vulnerability_id": "VCID-atwp-g4uy-3qgg", "summary": "haproxy: it can lead to a situation with an attacker-controlled HTTP Host header because a mismatch between Host and authority is mishandled", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39242.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39242.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64367", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.6452", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64508", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64521", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64421", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64451", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.6441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64458", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.6449", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64484", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64495", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64487", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995112", "reference_id": "1995112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995112" }, { "reference_url": "https://security.archlinux.org/AVG-2304", "reference_id": "AVG-2304", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4118", "reference_id": "RHSA-2021:4118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5208", "reference_id": "RHSA-2021:5208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5208" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2021-39242" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atwp-g4uy-3qgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78666?format=api", "vulnerability_id": "VCID-bb8w-k2e1-xbht", "summary": "haproxy: request smuggling attack in HTTP/1 header parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20036", "scoring_system": "epss", "scoring_elements": "0.95492", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.20036", "scoring_system": "epss", "scoring_elements": "0.95486", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.20036", "scoring_system": "epss", "scoring_elements": "0.95489", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.20036", "scoring_system": "epss", "scoring_elements": "0.95491", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96623", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96654", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96647", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96645", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96644", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.96642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.29937", "scoring_system": "epss", "scoring_elements": "0.9664", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25725" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169089", "reference_id": "2169089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169089" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5348", "reference_id": "dsa-5348", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5348" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/", "reference_id": "FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/", "reference_id": "JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html", "reference_id": "msg00012.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html" }, { "reference_url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112", "reference_id": "?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/" } ], "url": "https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1268", "reference_id": "RHSA-2023:1268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1325", "reference_id": "RHSA-2023:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1655", "reference_id": "RHSA-2023:1655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1696", "reference_id": "RHSA-2023:1696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1978", "reference_id": "RHSA-2023:1978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0746", "reference_id": "RHSA-2024:0746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0746" }, { "reference_url": "https://usn.ubuntu.com/5869-1/", "reference_id": "USN-5869-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5869-1/" }, { "reference_url": "https://usn.ubuntu.com/7135-1/", "reference_id": "USN-7135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7135-1/" }, { "reference_url": "https://www.haproxy.org/", "reference_id": "www.haproxy.org", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/" } ], "url": "https://www.haproxy.org/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2023-25725" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8w-k2e1-xbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80042?format=api", "vulnerability_id": "VCID-jz63-5mba-3qbx", "summary": "haproxy: request smuggling attack or response splitting via duplicate content-length header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40346.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40346.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99724", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99733", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99731", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99732", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99725", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99726", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99727", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99728", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.92378", "scoring_system": "epss", "scoring_elements": "0.99729", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40346" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000599", "reference_id": "2000599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000599" }, { "reference_url": "https://security.archlinux.org/AVG-2343", "reference_id": "AVG-2343", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4118", "reference_id": "RHSA-2021:4118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5208", "reference_id": "RHSA-2021:5208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0024", "reference_id": "RHSA-2022:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0114", "reference_id": "RHSA-2022:0114", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0114" }, { "reference_url": "https://usn.ubuntu.com/5063-1/", "reference_id": "USN-5063-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5063-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2021-40346" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jz63-5mba-3qbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78834?format=api", "vulnerability_id": "VCID-mrdn-6cwg-j3h8", "summary": "haproxy: data leak via fcgi requests", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0836", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00222", "published_at": "2026-04-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00221", "published_at": "2026-04-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0022", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00301", "published_at": "2026-04-26T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00303", "published_at": "2026-04-24T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00282", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00302", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00296", "published_at": "2026-04-29T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00279", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0836" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180746", "reference_id": "2180746", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180746" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5388", "reference_id": "dsa-5388", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T16:41:58Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5388" }, { "reference_url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a", "reference_id": "?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T16:41:58Z/" } ], "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6496", "reference_id": "RHSA-2023:6496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6496" }, { "reference_url": "https://usn.ubuntu.com/5994-1/", "reference_id": "USN-5994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5994-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2023-0836" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mrdn-6cwg-j3h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77944?format=api", "vulnerability_id": "VCID-s86j-egny-77cu", "summary": "haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45539.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07664", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07634", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07748", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07641", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07628", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07745", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0769", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07667", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07707", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0767", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0773", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html", "reference_id": "0070.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/" } ], "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253037", "reference_id": "2253037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253037" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html" }, { "reference_url": "https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html", "reference_id": "msg43861.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/" } ], "url": "https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html" }, { "reference_url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6", "reference_id": "?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/" } ], "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10267", "reference_id": "RHSA-2024:10267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10271", "reference_id": "RHSA-2024:10271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1089", "reference_id": "RHSA-2024:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1142", "reference_id": "RHSA-2024:1142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4853", "reference_id": "RHSA-2024:4853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6412", "reference_id": "RHSA-2024:6412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8849", "reference_id": "RHSA-2024:8849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8874", "reference_id": "RHSA-2024:8874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9945", "reference_id": "RHSA-2024:9945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9945" }, { "reference_url": "https://usn.ubuntu.com/6530-1/", "reference_id": "USN-6530-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6530-1/" }, { "reference_url": "https://usn.ubuntu.com/6530-2/", "reference_id": "USN-6530-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6530-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2023-45539" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s86j-egny-77cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80085?format=api", "vulnerability_id": "VCID-sy71-5m1g-2yav", "summary": "haproxy: an HTTP method name may contain a space followed by the name of a protected resource", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39241.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63293", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63427", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63418", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63431", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63353", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.6338", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63346", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63397", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63415", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63414", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63401", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995107", "reference_id": "1995107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995107" }, { "reference_url": "https://security.archlinux.org/AVG-2304", "reference_id": "AVG-2304", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4118", "reference_id": "RHSA-2021:4118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5208", "reference_id": "RHSA-2021:5208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0024", "reference_id": "RHSA-2022:0024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0114", "reference_id": "RHSA-2022:0114", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0114" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2021-39241" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sy71-5m1g-2yav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78789?format=api", "vulnerability_id": "VCID-w1we-d8uq-s3hh", "summary": "haproxy: segfault DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3768", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37711", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37736", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40914", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41183", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41226", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41123", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41012", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40998", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160808", "reference_id": "2160808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160808" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0056", "reference_id": "CVE-2023-0056", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:35:23Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-0056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0727", "reference_id": "RHSA-2023:0727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1325", "reference_id": "RHSA-2023:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1696", "reference_id": "RHSA-2023:1696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1978", "reference_id": "RHSA-2023:1978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0746", "reference_id": "RHSA-2024:0746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0746" }, { "reference_url": "https://usn.ubuntu.com/5819-1/", "reference_id": "USN-5819-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5819-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2023-0056" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1we-d8uq-s3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78192?format=api", "vulnerability_id": "VCID-ygb3-7kb1-tqbc", "summary": "haproxy: Proxy forwards malformed empty Content-Length headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07053", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07995", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08054", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07959", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07943", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08102", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08056", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08021", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08057", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08077", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08091", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043502", "reference_id": "1043502", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043502" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231370", "reference_id": "2231370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231370" }, { "reference_url": "https://github.com/haproxy/haproxy/issues/2237", "reference_id": "2237", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/" } ], "url": "https://github.com/haproxy/haproxy/issues/2237" }, { "reference_url": "https://cwe.mitre.org/data/definitions/436.html", "reference_id": "436.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/" } ], "url": "https://cwe.mitre.org/data/definitions/436.html" }, { "reference_url": "https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856", "reference_id": "6492f1f29d738457ea9f382aca54537f35f9d856", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/" } ], "url": "https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856" }, { "reference_url": "https://www.haproxy.org/download/2.6/src/CHANGELOG", "reference_id": "CHANGELOG", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/" } ], "url": "https://www.haproxy.org/download/2.6/src/CHANGELOG" }, { "reference_url": "https://www.haproxy.org/download/2.7/src/CHANGELOG", "reference_id": "CHANGELOG", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/" } ], "url": "https://www.haproxy.org/download/2.7/src/CHANGELOG" }, { "reference_url": "https://www.haproxy.org/download/2.8/src/CHANGELOG", "reference_id": "CHANGELOG", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/" } ], "url": "https://www.haproxy.org/download/2.8/src/CHANGELOG" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7473", "reference_id": "RHSA-2023:7473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7606", "reference_id": "RHSA-2023:7606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0200", "reference_id": "RHSA-2024:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0308", "reference_id": "RHSA-2024:0308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1089", "reference_id": "RHSA-2024:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1142", "reference_id": "RHSA-2024:1142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1142" }, { "reference_url": "https://usn.ubuntu.com/6294-1/", "reference_id": "USN-6294-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6294-1/" }, { "reference_url": "https://usn.ubuntu.com/6294-2/", "reference_id": "USN-6294-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6294-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051816?format=api", "purl": "pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zm3-vw55-k3af" }, { "vulnerability": "VCID-97wa-uwp2-57gu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" } ], "aliases": [ "CVE-2023-40225" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygb3-7kb1-tqbc" } ], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6" }