Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1076166?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1076166?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3", "type": "deb", "namespace": "debian", "name": "request-tracker4", "version": "4.4.4+dfsg-2+deb11u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.4.6+dfsg-1.1+deb12u3", "latest_non_vulnerable_version": "4.4.6+dfsg-1.1+deb12u3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75763?format=api", "vulnerability_id": "VCID-1hye-g1ry-s3dh", "summary": "Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the \"Page\" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser.\n\nThis vulnerability affects versions from 5.0.4 up to 5.0.9 and from 6.0.0 up to 6.0.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11813", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11874", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11896", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11897", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6841" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/5.0.10", "reference_id": "5.0.10", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.10" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/6.0.3", "reference_id": "6.0.3", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/6.0.3" }, { "reference_url": "https://cert.pl/en/posts/2026/05/CVE-2026-6841", "reference_id": "CVE-2026-6841", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://cert.pl/en/posts/2026/05/CVE-2026-6841" }, { "reference_url": "https://requesttracker.com/request-tracker/", "reference_id": "request-tracker", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T12:42:30Z/" } ], "url": "https://requesttracker.com/request-tracker/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-6841" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hye-g1ry-s3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80625?format=api", "vulnerability_id": "VCID-4f97-2teh-pyeg", "summary": "RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09907", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09893", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09904", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09858", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41075" }, { "reference_url": "https://github.com/bestpractical/rt/security/advisories/GHSA-7vf8-xv7w-97c6", "reference_id": "GHSA-7vf8-xv7w-97c6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/" } ], "url": "https://github.com/bestpractical/rt/security/advisories/GHSA-7vf8-xv7w-97c6" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10", "reference_id": "rt-5.0.10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3", "reference_id": "rt-6.0.3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T15:28:27Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-41075" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f97-2teh-pyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80871?format=api", "vulnerability_id": "VCID-9p4k-17cs-k3fy", "summary": "RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can cause spreadsheet applications to interpret crafted values as formulas or macros when the file is opened. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by avoiding opening exported RT spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08732", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08725", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08728", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08684", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41073" }, { "reference_url": "https://github.com/bestpractical/rt/security/advisories/GHSA-6x92-7v65-7m3r", "reference_id": "GHSA-6x92-7v65-7m3r", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/" } ], "url": "https://github.com/bestpractical/rt/security/advisories/GHSA-6x92-7v65-7m3r" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10", "reference_id": "rt-5.0.10", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3", "reference_id": "rt-6.0.3", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-23T02:57:10Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-41073" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9p4k-17cs-k3fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/126508?format=api", "vulnerability_id": "VCID-agzq-e3sq-2qcg", "summary": "Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47446", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47427", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48786", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48922", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2545" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422", "reference_id": "1104422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424", "reference_id": "1104424", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424" }, { "reference_url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical", "reference_id": "cryptographic-algorithm-not-recommended-request-tracker-best-practical", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T12:22:33Z/" } ], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-2545" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-agzq-e3sq-2qcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80779?format=api", "vulnerability_id": "VCID-ca69-35g7-qkhw", "summary": "RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may be able to authenticate as any LDAP-backed RT user without supplying valid credentials. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by reviewing their LDAP server's authentication policy to ensure it rejects unauthenticated bind attempts. Upgrading RT remains the recommended fix.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21903", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21877", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2189", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21702", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41076" }, { "reference_url": "https://github.com/bestpractical/rt/security/advisories/GHSA-3w28-fmcr-mjjx", "reference_id": "GHSA-3w28-fmcr-mjjx", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/" } ], "url": "https://github.com/bestpractical/rt/security/advisories/GHSA-3w28-fmcr-mjjx" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10", "reference_id": "rt-5.0.10", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-5.0.10" }, { "reference_url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3", "reference_id": "rt-6.0.3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:14:24Z/" } ], "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-41076" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca69-35g7-qkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211542?format=api", "vulnerability_id": "VCID-h6yp-1t1q-2qgq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07141", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07136", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07131", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-44229" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6yp-1t1q-2qgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89519?format=api", "vulnerability_id": "VCID-pyvn-d99c-nfaw", "summary": "Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50712", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50849", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50862", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50845", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30087" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422", "reference_id": "1104422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104422" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424", "reference_id": "1104424", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104424" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/4.4.8", "reference_id": "4.4.8", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.8" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/5.0.8", "reference_id": "5.0.8", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.8" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T18:00:11Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-30087" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pyvn-d99c-nfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211543?format=api", "vulnerability_id": "VCID-ve4d-49wj-y3e9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18077", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18093", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2026-44231" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve4d-49wj-y3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127813?format=api", "vulnerability_id": "VCID-w58v-b4n3-7fb4", "summary": "Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61873", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0036", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00358", "published_at": "2026-06-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00365", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61873" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120003", "reference_id": "1120003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120003" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T18:27:46Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-61873" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w58v-b4n3-7fb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64016?format=api", "vulnerability_id": "VCID-wj3w-p4m6-2kej", "summary": "Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05701", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05725", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05717", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05708", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3262" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068452", "reference_id": "1068452", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068452" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068453", "reference_id": "1068453", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068453" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" }, { "reference_url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt", "reference_id": "vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:30:10Z/" } ], "url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076167?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.6%2Bdfsg-1.1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.6%252Bdfsg-1.1%252Bdeb12u3" } ], "aliases": [ "CVE-2024-3262" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wj3w-p4m6-2kej" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208702?format=api", "vulnerability_id": "VCID-ehhx-2gjq-nkee", "summary": "Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27511", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27713", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27739", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27728", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995167", "reference_id": "995167", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995167" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995175", "reference_id": "995175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995175" }, { "reference_url": "https://usn.ubuntu.com/6529-1/", "reference_id": "USN-6529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6529-1/" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076166?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hye-g1ry-s3dh" }, { "vulnerability": "VCID-4f97-2teh-pyeg" }, { "vulnerability": "VCID-9p4k-17cs-k3fy" }, { "vulnerability": "VCID-agzq-e3sq-2qcg" }, { "vulnerability": "VCID-ca69-35g7-qkhw" }, { "vulnerability": "VCID-h6yp-1t1q-2qgq" }, { "vulnerability": "VCID-pyvn-d99c-nfaw" }, { "vulnerability": "VCID-ve4d-49wj-y3e9" }, { "vulnerability": "VCID-w58v-b4n3-7fb4" }, { "vulnerability": "VCID-wj3w-p4m6-2kej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3" } ], "aliases": [ "CVE-2021-38562" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehhx-2gjq-nkee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147320?format=api", "vulnerability_id": "VCID-f91m-894b-u7dr", "summary": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33298", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3348", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33501", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33476", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516", "reference_id": "1054516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517", "reference_id": "1054517", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/4.4.7", "reference_id": "4.4.7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:52:22Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/5.0.5", "reference_id": "5.0.5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:52:22Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:52:22Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "reference_url": "https://usn.ubuntu.com/6529-1/", "reference_id": "USN-6529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6529-1/" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076166?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hye-g1ry-s3dh" }, { "vulnerability": "VCID-4f97-2teh-pyeg" }, { "vulnerability": "VCID-9p4k-17cs-k3fy" }, { "vulnerability": "VCID-agzq-e3sq-2qcg" }, { "vulnerability": "VCID-ca69-35g7-qkhw" }, { "vulnerability": "VCID-h6yp-1t1q-2qgq" }, { "vulnerability": "VCID-pyvn-d99c-nfaw" }, { "vulnerability": "VCID-ve4d-49wj-y3e9" }, { "vulnerability": "VCID-w58v-b4n3-7fb4" }, { "vulnerability": "VCID-wj3w-p4m6-2kej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-41259" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f91m-894b-u7dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199314?format=api", "vulnerability_id": "VCID-wgs7-ztvz-wkag", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78053", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78121", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78134", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78129", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25802" }, { "reference_url": "https://usn.ubuntu.com/6529-1/", "reference_id": "USN-6529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6529-1/" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079522?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.3-2%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-agzq-e3sq-2qcg" }, { "vulnerability": "VCID-ehhx-2gjq-nkee" }, { "vulnerability": "VCID-f91m-894b-u7dr" }, { "vulnerability": "VCID-pyvn-d99c-nfaw" }, { "vulnerability": "VCID-w58v-b4n3-7fb4" }, { "vulnerability": "VCID-wgs7-ztvz-wkag" }, { "vulnerability": "VCID-wj3w-p4m6-2kej" }, { "vulnerability": "VCID-x5q5-duu5-dbhb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.3-2%252Bdeb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076166?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hye-g1ry-s3dh" }, { "vulnerability": "VCID-4f97-2teh-pyeg" }, { "vulnerability": "VCID-9p4k-17cs-k3fy" }, { "vulnerability": "VCID-agzq-e3sq-2qcg" }, { "vulnerability": "VCID-ca69-35g7-qkhw" }, { "vulnerability": "VCID-h6yp-1t1q-2qgq" }, { "vulnerability": "VCID-pyvn-d99c-nfaw" }, { "vulnerability": "VCID-ve4d-49wj-y3e9" }, { "vulnerability": "VCID-w58v-b4n3-7fb4" }, { "vulnerability": "VCID-wj3w-p4m6-2kej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3" } ], "aliases": [ "CVE-2022-25802" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgs7-ztvz-wkag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147365?format=api", "vulnerability_id": "VCID-x5q5-duu5-dbhb", "summary": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36793", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36971", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36985", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41260" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41260" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516", "reference_id": "1054516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054516" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517", "reference_id": "1054517", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054517" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/4.4.7", "reference_id": "4.4.7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:47:43Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/5.0.5", "reference_id": "5.0.5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:47:43Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5" }, { "reference_url": "https://docs.bestpractical.com/release-notes/rt/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T14:47:43Z/" } ], "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "reference_url": "https://usn.ubuntu.com/6529-1/", "reference_id": "USN-6529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6529-1/" }, { "reference_url": "https://usn.ubuntu.com/7692-1/", "reference_id": "USN-7692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076166?format=api", "purl": "pkg:deb/debian/request-tracker4@4.4.4%2Bdfsg-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hye-g1ry-s3dh" }, { "vulnerability": "VCID-4f97-2teh-pyeg" }, { "vulnerability": "VCID-9p4k-17cs-k3fy" }, { "vulnerability": "VCID-agzq-e3sq-2qcg" }, { "vulnerability": "VCID-ca69-35g7-qkhw" }, { "vulnerability": "VCID-h6yp-1t1q-2qgq" }, { "vulnerability": "VCID-pyvn-d99c-nfaw" }, { "vulnerability": "VCID-ve4d-49wj-y3e9" }, { "vulnerability": "VCID-w58v-b4n3-7fb4" }, { "vulnerability": "VCID-wj3w-p4m6-2kej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-41260" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5q5-duu5-dbhb" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/request-tracker4@4.4.4%252Bdfsg-2%252Bdeb11u3" }