Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/354950?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "type": "apk", "namespace": "alpine", "name": "openjdk17", "version": "17.0.10_p7-r0", "qualifiers": { "arch": "s390x", "distroversion": "v3.21", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "17.0.11_p9-r0", "latest_non_vulnerable_version": "17.0.18_p8-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91464?format=api", "vulnerability_id": "VCID-3mtb-zvse-pqdb", "summary": "OpenJDK: arbitrary Java code execution in Nashorn (8314284)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20926.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20926.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48368", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257850", "reference_id": "2257850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257850" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", "reference_id": "msg00023.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T16:03:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240201-0002/", "reference_id": "ntap-20240201-0002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T16:03:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240201-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0222", "reference_id": "RHSA-2024:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0223", "reference_id": "RHSA-2024:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0224", "reference_id": "RHSA-2024:0224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0225", "reference_id": "RHSA-2024:0225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0226", "reference_id": "RHSA-2024:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0228", "reference_id": "RHSA-2024:0228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0230", "reference_id": "RHSA-2024:0230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0231", "reference_id": "RHSA-2024:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0232", "reference_id": "RHSA-2024:0232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0233", "reference_id": "RHSA-2024:0233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0234", "reference_id": "RHSA-2024:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0235", "reference_id": "RHSA-2024:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0237", "reference_id": "RHSA-2024:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0239", "reference_id": "RHSA-2024:0239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0265", "reference_id": "RHSA-2024:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0266", "reference_id": "RHSA-2024:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1481", "reference_id": "RHSA-2024:1481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1482", "reference_id": "RHSA-2024:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1482" }, { "reference_url": "https://usn.ubuntu.com/6660-1/", "reference_id": "USN-6660-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6660-1/" }, { "reference_url": "https://usn.ubuntu.com/6696-1/", "reference_id": "USN-6696-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6696-1/" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-20926" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mtb-zvse-pqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46392?format=api", "vulnerability_id": "VCID-e3cz-9mdx-cfhp", "summary": "Java: DoS Vulnerability in JSON-JAVA\nA denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\\` to escape special characters, including `\\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\\` characters in the escaped string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5072.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71955", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072" }, { "reference_url": "https://github.com/stleary/JSON-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/758", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:23:55Z/" } ], "url": "https://github.com/stleary/JSON-java/issues/758" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/771", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:23:55Z/" } ], "url": "https://github.com/stleary/JSON-java/issues/771" }, { "reference_url": "https://github.com/stleary/JSON-java/pull/759", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/pull/759" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053882", "reference_id": "1053882", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053882" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053883", "reference_id": "1053883", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053883" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053884", "reference_id": "1053884", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053884" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417", "reference_id": "2246417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072", "reference_id": "CVE-2023-5072", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072" }, { "reference_url": "https://github.com/advisories/GHSA-4jq9-2xhw-jpx7", "reference_id": "GHSA-4jq9-2xhw-jpx7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4jq9-2xhw-jpx7" }, { "reference_url": "https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7", "reference_id": "GHSA-4jq9-2xhw-jpx7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0007/", "reference_id": "ntap-20240621-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-21T16:23:55Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7617", "reference_id": "RHSA-2023:7617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7678", "reference_id": "RHSA-2023:7678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7842", "reference_id": "RHSA-2023:7842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7845", "reference_id": "RHSA-2023:7845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0148", "reference_id": "RHSA-2024:0148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4271", "reference_id": "RHSA-2024:4271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2023-5072", "GHSA-4jq9-2xhw-jpx7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3cz-9mdx-cfhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91452?format=api", "vulnerability_id": "VCID-jua2-s4g6-v3h2", "summary": "OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32282", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257720", "reference_id": "2257720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257720" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240201-0002/", "reference_id": "ntap-20240201-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:51:25Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240201-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0240", "reference_id": "RHSA-2024:0240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0241", "reference_id": "RHSA-2024:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0242", "reference_id": "RHSA-2024:0242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0244", "reference_id": "RHSA-2024:0244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0246", "reference_id": "RHSA-2024:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0267", "reference_id": "RHSA-2024:0267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0267" }, { "reference_url": "https://usn.ubuntu.com/6661-1/", "reference_id": "USN-6661-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6661-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-20932" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jua2-s4g6-v3h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91468?format=api", "vulnerability_id": "VCID-ka8g-1h5k-2qbj", "summary": "OpenJDK: range check loop optimization issue (8314307)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20921.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20921.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44728", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257859", "reference_id": "2257859", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257859" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0222", "reference_id": "RHSA-2024:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0223", "reference_id": "RHSA-2024:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0224", "reference_id": "RHSA-2024:0224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0225", "reference_id": "RHSA-2024:0225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0226", "reference_id": "RHSA-2024:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0228", "reference_id": "RHSA-2024:0228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0230", "reference_id": "RHSA-2024:0230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0231", "reference_id": "RHSA-2024:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0232", "reference_id": "RHSA-2024:0232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0233", "reference_id": "RHSA-2024:0233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0234", "reference_id": "RHSA-2024:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0235", "reference_id": "RHSA-2024:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0237", "reference_id": "RHSA-2024:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0239", "reference_id": "RHSA-2024:0239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0240", "reference_id": "RHSA-2024:0240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0241", "reference_id": "RHSA-2024:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0242", "reference_id": "RHSA-2024:0242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0244", "reference_id": "RHSA-2024:0244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0246", "reference_id": "RHSA-2024:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0247", "reference_id": "RHSA-2024:0247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0248", "reference_id": "RHSA-2024:0248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0249", "reference_id": "RHSA-2024:0249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0250", "reference_id": "RHSA-2024:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0265", "reference_id": "RHSA-2024:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0266", "reference_id": "RHSA-2024:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0267", "reference_id": "RHSA-2024:0267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1481", "reference_id": "RHSA-2024:1481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1482", "reference_id": "RHSA-2024:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1482" }, { "reference_url": "https://usn.ubuntu.com/6660-1/", "reference_id": "USN-6660-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6660-1/" }, { "reference_url": "https://usn.ubuntu.com/6661-1/", "reference_id": "USN-6661-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6661-1/" }, { "reference_url": "https://usn.ubuntu.com/6662-1/", "reference_id": "USN-6662-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6662-1/" }, { "reference_url": "https://usn.ubuntu.com/6696-1/", "reference_id": "USN-6696-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6696-1/" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-20921" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ka8g-1h5k-2qbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91465?format=api", "vulnerability_id": "VCID-t82y-9a1j-6few", "summary": "OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.3619", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257853", "reference_id": "2257853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257853" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0222", "reference_id": "RHSA-2024:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0223", "reference_id": "RHSA-2024:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0224", "reference_id": "RHSA-2024:0224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0225", "reference_id": "RHSA-2024:0225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0226", "reference_id": "RHSA-2024:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0228", "reference_id": "RHSA-2024:0228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0230", "reference_id": "RHSA-2024:0230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0231", "reference_id": "RHSA-2024:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0232", "reference_id": "RHSA-2024:0232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0233", "reference_id": "RHSA-2024:0233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0234", "reference_id": "RHSA-2024:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0235", "reference_id": "RHSA-2024:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0237", "reference_id": "RHSA-2024:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0239", "reference_id": "RHSA-2024:0239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0240", "reference_id": "RHSA-2024:0240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0241", "reference_id": "RHSA-2024:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0242", "reference_id": "RHSA-2024:0242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0244", "reference_id": "RHSA-2024:0244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0246", "reference_id": "RHSA-2024:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0247", "reference_id": "RHSA-2024:0247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0248", "reference_id": "RHSA-2024:0248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0249", "reference_id": "RHSA-2024:0249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0250", "reference_id": "RHSA-2024:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0265", "reference_id": "RHSA-2024:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0266", "reference_id": "RHSA-2024:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0267", "reference_id": "RHSA-2024:0267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0267" }, { "reference_url": "https://usn.ubuntu.com/6660-1/", "reference_id": "USN-6660-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6660-1/" }, { "reference_url": "https://usn.ubuntu.com/6661-1/", "reference_id": "USN-6661-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6661-1/" }, { "reference_url": "https://usn.ubuntu.com/6662-1/", "reference_id": "USN-6662-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6662-1/" }, { "reference_url": "https://usn.ubuntu.com/6696-1/", "reference_id": "USN-6696-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6696-1/" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-20919" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t82y-9a1j-6few" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91459?format=api", "vulnerability_id": "VCID-xk5g-kcya-fycf", "summary": "OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20952.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20952.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55353", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20952" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257837", "reference_id": "2257837", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257837" }, { "reference_url": "https://security.gentoo.org/glsa/202412-07", "reference_id": "GLSA-202412-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-07" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", "reference_id": "msg00023.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-25T05:01:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240201-0002/", "reference_id": "ntap-20240201-0002", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-25T05:01:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240201-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0222", "reference_id": "RHSA-2024:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0223", "reference_id": "RHSA-2024:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0224", "reference_id": "RHSA-2024:0224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0225", "reference_id": "RHSA-2024:0225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0226", "reference_id": "RHSA-2024:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0228", "reference_id": "RHSA-2024:0228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0230", "reference_id": "RHSA-2024:0230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0231", "reference_id": "RHSA-2024:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0232", "reference_id": "RHSA-2024:0232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0233", "reference_id": "RHSA-2024:0233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0234", "reference_id": "RHSA-2024:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0235", "reference_id": "RHSA-2024:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0237", "reference_id": "RHSA-2024:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0239", "reference_id": "RHSA-2024:0239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0240", "reference_id": "RHSA-2024:0240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0241", "reference_id": "RHSA-2024:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0242", "reference_id": "RHSA-2024:0242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0244", "reference_id": "RHSA-2024:0244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0246", "reference_id": "RHSA-2024:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0247", "reference_id": "RHSA-2024:0247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0248", "reference_id": "RHSA-2024:0248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0249", "reference_id": "RHSA-2024:0249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0250", "reference_id": "RHSA-2024:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0265", "reference_id": "RHSA-2024:0265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0266", "reference_id": "RHSA-2024:0266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0267", "reference_id": "RHSA-2024:0267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1481", "reference_id": "RHSA-2024:1481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1482", "reference_id": "RHSA-2024:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1482" }, { "reference_url": "https://usn.ubuntu.com/6660-1/", "reference_id": "USN-6660-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6660-1/" }, { "reference_url": "https://usn.ubuntu.com/6661-1/", "reference_id": "USN-6661-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6661-1/" }, { "reference_url": "https://usn.ubuntu.com/6662-1/", "reference_id": "USN-6662-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6662-1/" }, { "reference_url": "https://usn.ubuntu.com/6696-1/", "reference_id": "USN-6696-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6696-1/" }, { "reference_url": "https://usn.ubuntu.com/7096-1/", "reference_id": "USN-7096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7096-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/354950?format=api", "purl": "pkg:apk/alpine/openjdk17@17.0.10_p7-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" } ], "aliases": [ "CVE-2024-20952" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xk5g-kcya-fycf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk17@17.0.10_p7-r0%3Farch=s390x&distroversion=v3.21&reponame=community" }