Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1?arch=el9eap

Type rpm

Namespace redhat

Name eap7-wildfly

Version 7.4.13-8.GA_redhat_00001.1

Qualifiers

arch	el9eap

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-fw6d-67pk-tkhz

vulnerability_id

VCID-fw6d-67pk-tkhz

summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Versions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26136

reference_id

reference_type

scores

value	0.06248
scoring_system	epss
scoring_elements	0.91065
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26136

reference_url

https://github.com/salesforce/tough-cookie

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie

reference_url

https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e

reference_url

https://github.com/salesforce/tough-cookie/issues/282

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie/issues/282

reference_url

https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219310
reference_id	2219310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219310

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26136

reference_id

CVE-2023-26136

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26136

reference_url	https://access.redhat.com/errata/RHSA-2023:3998
reference_id	RHSA-2023:3998
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3998

reference_url	https://access.redhat.com/errata/RHSA-2023:5006
reference_id	RHSA-2023:5006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5006

reference_url	https://access.redhat.com/errata/RHSA-2023:5541
reference_id	RHSA-2023:5541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5541

reference_url	https://access.redhat.com/errata/RHSA-2023:5542
reference_id	RHSA-2023:5542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5542

reference_url	https://access.redhat.com/errata/RHSA-2023:7222
reference_id	RHSA-2023:7222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7222

reference_url	https://access.redhat.com/errata/RHSA-2024:8676
reference_id	RHSA-2024:8676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8676

reference_url	https://access.redhat.com/errata/RHSA-2025:0082
reference_id	RHSA-2025:0082
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0082

reference_url	https://access.redhat.com/errata/RHSA-2025:0164
reference_id	RHSA-2025:0164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0164

reference_url	https://access.redhat.com/errata/RHSA-2025:0323
reference_id	RHSA-2025:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0323

fixed_packages

aliases

CVE-2023-26136, GHSA-72xf-g2v4-qvf3

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fw6d-67pk-tkhz

url

VCID-h4pp-n8w2-gkhr

vulnerability_id

VCID-h4pp-n8w2-gkhr

summary

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26464

reference_id

reference_type

scores

value	0.00125
scoring_system	epss
scoring_elements	0.31277
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26464

reference_url

https://github.com/apache/logging-log4j2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/logging-log4j2

reference_url

https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t

reference_url

https://security.netapp.com/advisory/ntap-20230505-0008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230505-0008

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2182864
reference_id	2182864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2182864

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26464

reference_id

CVE-2023-26464

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26464

reference_url	https://github.com/advisories/GHSA-vp98-w2p3-mv35
reference_id	GHSA-vp98-w2p3-mv35
reference_type
scores
url	https://github.com/advisories/GHSA-vp98-w2p3-mv35

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

fixed_packages

aliases

CVE-2023-26464, GHSA-vp98-w2p3-mv35

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-h4pp-n8w2-gkhr

url

VCID-hu38-keee-9uaz

vulnerability_id

VCID-hu38-keee-9uaz

summary

semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25883

reference_id

reference_type

scores

value	0.00598
scoring_system	epss
scoring_elements	0.69774
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25883

reference_url

https://github.com/npm/node-semver

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver

reference_url

https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104

reference_url

https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L138

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L138

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L160

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L160

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js#L138

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js#L138

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js#L160

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js#L160

reference_url

https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0

reference_url

https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

reference_url

https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c

reference_url

https://github.com/npm/node-semver/pull/564

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/pull/564

reference_url

https://github.com/npm/node-semver/pull/585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/pull/585

reference_url

https://github.com/npm/node-semver/pull/593

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/pull/593

reference_url

https://security.netapp.com/advisory/ntap-20241025-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241025-0004

reference_url

https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2216475
reference_id	2216475
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2216475

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

reference_id

CVE-2022-25883

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

reference_url	https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
reference_id	GHSA-c2qf-rxjj-qqgw
reference_type
scores
url	https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

reference_url	https://access.redhat.com/errata/RHSA-2023:4341
reference_id	RHSA-2023:4341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4341

reference_url	https://access.redhat.com/errata/RHSA-2023:5360
reference_id	RHSA-2023:5360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5360

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5362
reference_id	RHSA-2023:5362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5362

reference_url	https://access.redhat.com/errata/RHSA-2023:5363
reference_id	RHSA-2023:5363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5363

reference_url	https://access.redhat.com/errata/RHSA-2023:5379
reference_id	RHSA-2023:5379
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5379

reference_url	https://access.redhat.com/errata/RHSA-2023:7222
reference_id	RHSA-2023:7222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7222

reference_url	https://access.redhat.com/errata/RHSA-2024:0719
reference_id	RHSA-2024:0719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0719

reference_url	https://access.redhat.com/errata/RHSA-2024:5955
reference_id	RHSA-2024:5955
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5955

reference_url	https://access.redhat.com/errata/RHSA-2024:6044
reference_id	RHSA-2024:6044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6044

reference_url	https://access.redhat.com/errata/RHSA-2025:19094
reference_id	RHSA-2025:19094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19094

fixed_packages

aliases

CVE-2022-25883, GHSA-c2qf-rxjj-qqgw

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hu38-keee-9uaz

url

VCID-s3b8-dj8z-7fgf

vulnerability_id

VCID-s3b8-dj8z-7fgf

summary

wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:5484

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5484

reference_url

https://access.redhat.com/errata/RHSA-2023:5485

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5485

reference_url

https://access.redhat.com/errata/RHSA-2023:5486

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5486

reference_url

https://access.redhat.com/errata/RHSA-2023:5488

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5488

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4061.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4061.json

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2228608

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2228608

reference_url

https://github.com/wildfly/wildfly-core

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly-core

reference_url

https://github.com/wildfly/wildfly-core/commit/25728f370c2e90969854717ba4bb5182727f3f49

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly-core/commit/25728f370c2e90969854717ba4bb5182727f3f49

reference_url

https://github.com/wildfly/wildfly-core/pull/5703

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly-core/pull/5703

reference_url

https://access.redhat.com/security/cve/CVE-2023-4061

reference_id

CVE-2023-4061

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2023-4061

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-4061

reference_id

CVE-2023-4061

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-4061

reference_url	https://github.com/advisories/GHSA-26qx-4m49-6cfr
reference_id	GHSA-26qx-4m49-6cfr
reference_type
scores
url	https://github.com/advisories/GHSA-26qx-4m49-6cfr

fixed_packages

aliases

CVE-2023-4061, GHSA-26qx-4m49-6cfr

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-s3b8-dj8z-7fgf

url

VCID-ymxg-kktw-gka9

vulnerability_id

VCID-ymxg-kktw-gka9

summary

eap-7: heap exhaustion via deserialization

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2213639
reference_id	2213639
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2213639

fixed_packages

aliases

CVE-2023-3171

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ymxg-kktw-gka9

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1%3Farch=el9eap

Package Instance