Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/109986?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/109986?format=api", "purl": "pkg:rpm/redhat/redis@2.8.21-2?arch=el7map", "type": "rpm", "namespace": "redhat", "name": "redis", "version": "2.8.21-2", "qualifiers": { "arch": "el7map" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83980?format=api", "vulnerability_id": "VCID-3s88-wdk6-xyh6", "summary": "RHMAP: Stored XSS in App Store", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2675" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7554.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.5244", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52546", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52586", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52486", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52513", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.5248", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52532", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52527", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52578", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52562", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7554" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770", "reference_id": "1478770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:mobile_application_platform:4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:mobile_application_platform:4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:mobile_application_platform:4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7554", "reference_id": "CVE-2017-7554", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2674", "reference_id": "RHSA-2017:2674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2674" } ], "fixed_packages": [], "aliases": [ "CVE-2017-7554" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3s88-wdk6-xyh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48316?format=api", "vulnerability_id": "VCID-6wfy-67je-97h1", "summary": "A command injection vulnerability in Git may allow remote attackers\n to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2675" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000117.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000117.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98924", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98939", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.9893", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98934", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98937", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98925", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.76431", "scoring_system": "epss", "scoring_elements": "0.98928", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000117" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://support.apple.com/HT208103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT208103" }, { "reference_url": "https://www.exploit-db.com/exploits/42599/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/42599/" }, { "reference_url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3934", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3934" }, { "reference_url": "http://www.securityfocus.com/bid/100283", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100283" }, { "reference_url": "http://www.securitytracker.com/id/1039131", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480386", "reference_id": "1480386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480386" }, { "reference_url": "https://security.archlinux.org/ASA-201708-6", "reference_id": "ASA-201708-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-6" }, { "reference_url": "https://security.archlinux.org/AVG-377", "reference_id": "AVG-377", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-377" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.10.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.10.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.14.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.14.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.14.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.14.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.14.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.14.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:rc0:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.0:rc0:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:rc0:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:git-scm:git:2.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:git-scm:git:2.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/202c936868328a4fe665c9d2ea82b8f8a2610b6e/modules/exploits/multi/http/git_submodule_command_exec.rb", "reference_id": "CVE-2017-1000117", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/202c936868328a4fe665c9d2ea82b8f8a2610b6e/modules/exploits/multi/http/git_submodule_command_exec.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/42599.rb", "reference_id": "CVE-2017-1000117", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/42599.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000117", "reference_id": "CVE-2017-1000117", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000117" }, { "reference_url": "https://security.gentoo.org/glsa/201709-10", "reference_id": "GLSA-201709-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2484", "reference_id": "RHSA-2017:2484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2485", "reference_id": "RHSA-2017:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2491", "reference_id": "RHSA-2017:2491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2674", "reference_id": "RHSA-2017:2674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2674" }, { "reference_url": "https://usn.ubuntu.com/3387-1/", "reference_id": "USN-3387-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3387-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2017-1000117" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wfy-67je-97h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8294?format=api", "vulnerability_id": "VCID-am2z-v7gj-nqch", "summary": "Uncontrolled Resource Consumption\nAn attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2912", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2912" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2913", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1263", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1264", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1264" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88354", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.8829", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88336", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88342", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88353", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88344", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88358", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g7q5-pjjr-gqvp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g7q5-pjjr-gqvp" }, { "reference_url": "https://github.com/salesforce/tough-cookie", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/salesforce/tough-cookie" }, { "reference_url": "https://github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d" }, { "reference_url": "https://github.com/salesforce/tough-cookie/issues/92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/salesforce/tough-cookie/issues/92" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/" }, { "reference_url": "https://nodesecurity.io/advisories/525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodesecurity.io/advisories/525" }, { "reference_url": "https://snyk.io/vuln/npm:tough-cookie:20170905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/npm:tough-cookie:20170905" }, { "reference_url": "https://www.npmjs.com/advisories/525", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/525" }, { "reference_url": "http://www.securityfocus.com/bid/101185", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493989", "reference_id": "1493989", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493989" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660", "reference_id": "877660", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*", "reference_id": "cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010", "reference_id": "CVE-2017-15010", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010" } ], "fixed_packages": [], "aliases": [ "CVE-2017-15010", "GHSA-g7q5-pjjr-gqvp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am2z-v7gj-nqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83981?format=api", "vulnerability_id": "VCID-db8x-2vgu-47gu", "summary": "RHMAP: SSRF via external_request feature of App Studio", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2675" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39858", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39837", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39886", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3981", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39854", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792", "reference_id": "1478792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7553", "reference_id": "CVE-2017-7553", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2674", "reference_id": "RHSA-2017:2674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2674" } ], "fixed_packages": [], "aliases": [ "CVE-2017-7553" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db8x-2vgu-47gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83979?format=api", "vulnerability_id": "VCID-tdkc-7dbb-uudh", "summary": "RHMAP Millicore IDE allows RCE on SCM", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2675" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7552.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59854", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60024", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60016", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.5993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59956", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59926", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59976", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59989", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.6001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59995", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7552" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797", "reference_id": "1477797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7552", "reference_id": "CVE-2017-7552", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2674", "reference_id": "RHSA-2017:2674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2674" } ], "fixed_packages": [], "aliases": [ "CVE-2017-7552" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdkc-7dbb-uudh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8998?format=api", "vulnerability_id": "VCID-yk3z-5fjt-q7gb", "summary": "Prototype Pollution in hoek\nVersions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.\n\nThe `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property.\n\nThis can be demonstrated like so:\n\n```javascript\nvar Hoek = require('hoek');\nvar malicious_payload = '{\"__proto__\":{\"oops\":\"It works !\"}}';\n\nvar a = {};\nconsole.log(\"Before : \" + a.oops);\nHoek.merge({}, JSON.parse(malicious_payload));\nconsole.log(\"After : \" + a.oops);\n```\n\nThis type of attack can be used to overwrite existing properties causing a potential denial of service.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1263", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1264", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1264" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82185", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82148", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82162", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.8208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82109", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3728" }, { "reference_url": "https://github.com/hapijs/hoek", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hapijs/hoek" }, { "reference_url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee" }, { "reference_url": "https://github.com/hapijs/hoek/commit/5aed1a8c4a3d55722d1c799f2368857bf418d6df", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hapijs/hoek/commit/5aed1a8c4a3d55722d1c799f2368857bf418d6df" }, { "reference_url": "https://hackerone.com/reports/310439", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/310439" }, { "reference_url": "https://snyk.io/vuln/npm:hoek:20180212", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/npm:hoek:20180212" }, { "reference_url": "https://web.archive.org/web/20200227131737/https://www.securityfocus.com/bid/103108", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227131737/https://www.securityfocus.com/bid/103108" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893", "reference_id": "1545893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893" }, { "reference_url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/367.json", "reference_id": "367", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/367.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728", "reference_id": "CVE-2018-3728", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728" }, { "reference_url": "https://github.com/advisories/GHSA-jp4x-w63m-7wgm", "reference_id": "GHSA-jp4x-w63m-7wgm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jp4x-w63m-7wgm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3917", "reference_id": "RHSA-2021:3917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3917" } ], "fixed_packages": [], "aliases": [ "CVE-2018-3728", "GHSA-jp4x-w63m-7wgm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3z-5fjt-q7gb" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/redis@2.8.21-2%3Farch=el7map" }