Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/tfm-rubygem-algebrick@0.7.3-4?arch=el7sat

Type rpm

Namespace redhat

Name tfm-rubygem-algebrick

Version 0.7.3-4

Qualifiers

arch	el7sat

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-724w-x63u-zfe4

vulnerability_id VCID-724w-x63u-zfe4

summary foreman: Unprivileged user can access private bookmarks of other users

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2100.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2100.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2100

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42137
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2100

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310675
reference_id	1310675
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310675

fixed_packages

aliases CVE-2016-2100

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-724w-x63u-zfe4

url VCID-76a8-vzjq-c7ep

vulnerability_id VCID-76a8-vzjq-c7ep

summary qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0224.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0224

reference_id

reference_type

scores

value	0.5601
scoring_system	epss
scoring_elements	0.98138
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0224

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1186302
reference_id	1186302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1186302

reference_url	https://access.redhat.com/errata/RHSA-2015:0660
reference_id	RHSA-2015:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0660

reference_url	https://access.redhat.com/errata/RHSA-2015:0661
reference_id	RHSA-2015:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0661

reference_url	https://access.redhat.com/errata/RHSA-2015:0662
reference_id	RHSA-2015:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0662

reference_url	https://access.redhat.com/errata/RHSA-2015:0707
reference_id	RHSA-2015:0707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0707

reference_url	https://access.redhat.com/errata/RHSA-2015:0708
reference_id	RHSA-2015:0708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0708

fixed_packages

aliases CVE-2015-0224

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76a8-vzjq-c7ep

url VCID-9jm3-rkd6-67c1

vulnerability_id VCID-9jm3-rkd6-67c1

summary python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

references

reference_url	http://bugs.python.org/issue17980
reference_id
reference_type
scores
url	http://bugs.python.org/issue17980

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2099

reference_id

reference_type

scores

value	0.02979
scoring_system	epss
scoring_elements	0.86753
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066
reference_id	709066
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067
reference_id	709067
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
reference_id	709068
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069
reference_id	709069
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070
reference_id	709070
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=963260
reference_id	963260
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=963260

reference_url	https://security.gentoo.org/glsa/201401-04
reference_id	GLSA-201401-04
reference_type
scores
url	https://security.gentoo.org/glsa/201401-04

reference_url	https://access.redhat.com/errata/RHSA-2014:1263
reference_id	RHSA-2014:1263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1263

reference_url	https://access.redhat.com/errata/RHSA-2014:1690
reference_id	RHSA-2014:1690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1690

reference_url	https://access.redhat.com/errata/RHSA-2015:0042
reference_id	RHSA-2015:0042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0042

reference_url	https://access.redhat.com/errata/RHSA-2016:1166
reference_id	RHSA-2016:1166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1166

reference_url	https://usn.ubuntu.com/1983-1/
reference_id	USN-1983-1
reference_type
scores
url	https://usn.ubuntu.com/1983-1/

reference_url	https://usn.ubuntu.com/1984-1/
reference_id	USN-1984-1
reference_type
scores
url	https://usn.ubuntu.com/1984-1/

reference_url	https://usn.ubuntu.com/1985-1/
reference_id	USN-1985-1
reference_type
scores
url	https://usn.ubuntu.com/1985-1/

fixed_packages

aliases CVE-2013-2099

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jm3-rkd6-67c1

url VCID-cpa7-kedk-eybb

vulnerability_id VCID-cpa7-kedk-eybb

summary qpid-cpp: anonymous access to qpidd cannot be prevented

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0223.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0223.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0223

reference_id

reference_type

scores

value	0.02275
scoring_system	epss
scoring_elements	0.84925
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0223

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1186308
reference_id	1186308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1186308

reference_url	https://access.redhat.com/errata/RHSA-2015:0660
reference_id	RHSA-2015:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0660

reference_url	https://access.redhat.com/errata/RHSA-2015:0661
reference_id	RHSA-2015:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0661

reference_url	https://access.redhat.com/errata/RHSA-2015:0662
reference_id	RHSA-2015:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0662

reference_url	https://access.redhat.com/errata/RHSA-2015:0707
reference_id	RHSA-2015:0707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0707

reference_url	https://access.redhat.com/errata/RHSA-2015:0708
reference_id	RHSA-2015:0708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0708

fixed_packages

aliases CVE-2015-0223

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpa7-kedk-eybb

url VCID-mwaj-9max-2ka2

vulnerability_id VCID-mwaj-9max-2ka2

summary qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0203.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0203.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0203

reference_id

reference_type

scores

value	0.16987
scoring_system	epss
scoring_elements	0.95087
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0203

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1181721
reference_id	1181721
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1181721

reference_url	https://access.redhat.com/errata/RHSA-2015:0660
reference_id	RHSA-2015:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0660

reference_url	https://access.redhat.com/errata/RHSA-2015:0661
reference_id	RHSA-2015:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0661

reference_url	https://access.redhat.com/errata/RHSA-2015:0662
reference_id	RHSA-2015:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0662

reference_url	https://access.redhat.com/errata/RHSA-2015:0707
reference_id	RHSA-2015:0707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0707

reference_url	https://access.redhat.com/errata/RHSA-2015:0708
reference_id	RHSA-2015:0708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0708

fixed_packages

aliases CVE-2015-0203

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwaj-9max-2ka2

url VCID-nf83-z2xy-5yae

vulnerability_id VCID-nf83-z2xy-5yae

summary v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6668.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6668.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6668

reference_id

reference_type

scores

value	0.1282
scoring_system	epss
scoring_elements	0.94139
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1700
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1700

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1701
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1701

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1702
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1702

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1713
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1713

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1715

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1074737
reference_id	1074737
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1074737

reference_url	https://security.gentoo.org/glsa/201403-01
reference_id	GLSA-201403-01
reference_type
scores
url	https://security.gentoo.org/glsa/201403-01

reference_url	https://access.redhat.com/errata/RHSA-2014:1744
reference_id	RHSA-2014:1744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1744

fixed_packages

aliases CVE-2013-6668

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nf83-z2xy-5yae

url VCID-rg39-bur5-67e3

vulnerability_id VCID-rg39-bur5-67e3

summary

Rack vulnerable to Denial of Service via large parameter depth request
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html

reference_url

http://openwall.com/lists/oss-security/2015/06/16/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/06/16/14

reference_url

http://rhn.redhat.com/errata/RHSA-2015-2290.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-2290.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3225

reference_id

reference_type

scores

value	0.13251
scoring_system	epss
scoring_elements	0.94266
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225

reference_url

https://github.com/rack/rack

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack

reference_url

https://github.com/rack/rack/blob/master/HISTORY.md

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/blob/master/HISTORY.md

reference_url	https://github.com/rack/rack/commits/1.4.6
reference_id
reference_type
scores
url	https://github.com/rack/rack/commits/1.4.6

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3225

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3225

reference_url

http://www.debian.org/security/2015/dsa-3322

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3322

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1232292
reference_id	1232292
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1232292

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
reference_id	789311
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311

reference_url

https://github.com/advisories/GHSA-rgr4-9jh5-j4j6

reference_id

GHSA-rgr4-9jh5-j4j6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rgr4-9jh5-j4j6

reference_url	https://access.redhat.com/errata/RHSA-2015:2290
reference_id	RHSA-2015:2290
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2290

fixed_packages

aliases CVE-2015-3225, GHSA-rgr4-9jh5-j4j6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg39-bur5-67e3

url VCID-s95s-ucv6-p3gz

vulnerability_id VCID-s95s-ucv6-p3gz

summary

Moderate severity vulnerability that affects org.apache.qpid:proton-j
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html

reference_url

http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html

reference_url

http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2166

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50739
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2166

reference_url

https://github.com/advisories/GHSA-f5cf-f7px-xpmh

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-f5cf-f7px-xpmh

reference_url

https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585

reference_url

https://issues.apache.org/jira/browse/PROTON-1157

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/PROTON-1157

reference_url

https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2166

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2166

reference_url

http://www.securityfocus.com/archive/1/537864/100/0/threaded

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/archive/1/537864/100/0/threaded

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1320842
reference_id	1320842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1320842

fixed_packages

aliases CVE-2016-2166, GHSA-f5cf-f7px-xpmh

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s95s-ucv6-p3gz

url VCID-x8e4-h85b-4bcr

vulnerability_id VCID-x8e4-h85b-4bcr

summary mongodb: DoS due to improper BSON validation

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1609.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1609.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1609

reference_id

reference_type

scores

value	0.01693
scoring_system	epss
scoring_elements	0.82563
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1609

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1200446
reference_id	1200446
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1200446

reference_url	https://security.gentoo.org/glsa/201611-13
reference_id	GLSA-201611-13
reference_type
scores
url	https://security.gentoo.org/glsa/201611-13

fixed_packages

aliases CVE-2015-1609

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8e4-h85b-4bcr

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-algebrick@0.7.3-4%3Farch=el7sat

Package Instance