Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4
Typedeb
Namespacedebian
Nameerlang
Version1:25.2.3+dfsg-1+deb12u4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1:27.3.4.12+dfsg-1
Latest_non_vulnerable_version1:27.3.4.12+dfsg-1
Affected_by_vulnerabilities
0
url VCID-1py9-5tap-d7fv
vulnerability_id VCID-1py9-5tap-d7fv
summary Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two flaws that together allow a certificate with basicConstraints cA:false and no keyUsage extension to be used as an intermediate issuer in a chain passed to public_key:pkix_path_validation/3: the cA:false clause recurses into the remaining extensions without rejecting the certificate when it is in issuer position, and the keyUsage check only fires when the extension is present, so a certificate lacking keyUsage entirely bypasses the keyCertSign enforcement. Any party holding an end-entity certificate with basicConstraints cA:false and no keyUsage extension, issued by any CA in the victim's trust store, can use that certificate's private key to sign forged leaf certificates for arbitrary identities. public_key:pkix_path_validation/3 accepts the resulting chain, and by extension every TLS or mTLS endpoint built on the OTP ssl application that relies on the default verifier is affected, including server identity verification on the client side and client certificate verification on mTLS servers. This issue affects OTP from OTP 17.0 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 0.22 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42789
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08507
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42789
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42789
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db
reference_id 471cd2f664300a95353c467873800bbe706005db
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/
url https://github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db
4
reference_url https://github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd
reference_id 59c8d824386b2eb1614ff9340624843ef6aca0fd
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/
url https://github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
6
reference_url https://cna.erlef.org/cves/CVE-2026-42789.html
reference_id CVE-2026-42789.html
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/
url https://cna.erlef.org/cves/CVE-2026-42789.html
7
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-42789
reference_id EEF-CVE-2026-42789
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-42789
8
reference_url https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq
reference_id GHSA-c99q-jmpx-v8qq
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/
url https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq
9
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1
aliases CVE-2026-42789
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1py9-5tap-d7fv
1
url VCID-4ny1-ztaq-yudj
vulnerability_id VCID-4ny1-ztaq-yudj
summary erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28810
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14848
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28810
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455868
reference_id 2455868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455868
5
reference_url https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5
reference_id 36f23c9d2cc54afe83671dd7343596d7972839a5
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5
6
reference_url https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8
reference_id b057a9d995017b1be50d6dc02edd52382f3231b8
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
8
reference_url https://cna.erlef.org/cves/CVE-2026-28810.html
reference_id CVE-2026-28810.html
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://cna.erlef.org/cves/CVE-2026-28810.html
9
reference_url https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd
reference_id dd15e8eb03548c5e55e9915f0e91389ec6bad9fd
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd
10
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-28810
reference_id EEF-CVE-2026-28810
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-28810
11
reference_url https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8
reference_id GHSA-v884-5jg5-whj8
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8
12
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7
purl pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1py9-5tap-d7fv
1
vulnerability VCID-7xvh-aqcu-uyb4
2
vulnerability VCID-8a5v-tu8j-7kfe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7
aliases CVE-2026-28810
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ny1-ztaq-yudj
2
url VCID-8a5v-tu8j-7kfe
vulnerability_id VCID-8a5v-tu8j-7kfe
summary Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42790
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08507
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42790
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42790
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759
reference_id 0769050c69d73762672b0db1347b6993a5b31759
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759
4
reference_url https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a
reference_id 21abed64eb2026b5f82f432709e4e932f9be389a
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
6
reference_url https://cna.erlef.org/cves/CVE-2026-42790.html
reference_id CVE-2026-42790.html
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://cna.erlef.org/cves/CVE-2026-42790.html
7
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-42790
reference_id EEF-CVE-2026-42790
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-42790
8
reference_url https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457
reference_id fb67c6d1836f51105a96d8b769e71e4215a79457
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457
9
reference_url https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
reference_id GHSA-22cw-4ph4-6447
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
10
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1
purl pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1
aliases CVE-2026-42790
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8a5v-tu8j-7kfe
3
url VCID-h7x2-fxke-tkdp
vulnerability_id VCID-h7x2-fxke-tkdp
summary erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000107
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.60933
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000107
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086
reference_id 1115086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1824460
reference_id 1824460
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1824460
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2
purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1py9-5tap-d7fv
1
vulnerability VCID-4ny1-ztaq-yudj
2
vulnerability VCID-4qr6-9z6u-ekb3
3
vulnerability VCID-7xvh-aqcu-uyb4
4
vulnerability VCID-8a5v-tu8j-7kfe
5
vulnerability VCID-qqzg-7f84-4fhz
6
vulnerability VCID-ws6x-zs8f-b3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2
aliases CVE-2016-1000107
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7x2-fxke-tkdp
4
url VCID-qqzg-7f84-4fhz
vulnerability_id VCID-qqzg-7f84-4fhz
summary Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When SSH_FXP_FSETSTAT is issued on such a handle, file attributes (permissions, ownership, timestamps) are modified on the real filesystem path, bypassing the root directory boundary entirely. Any authenticated SFTP user on a server configured with the root option can modify file attributes of files outside the intended chroot boundary. The prerequisite is that a target file must exist on the real filesystem at the same relative path. Note that this vulnerability only allows modification of file attributes; file contents cannot be read or altered through this attack vector. If the SSH daemon runs as root, this enables direct privilege escalation: an attacker can set the setuid bit on any binary, change ownership of sensitive files, or make system configuration world-writable. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:do_open/4 and ssh_sftpd:handle_op/4. This issue affects OTP from OTP 17.0 until OTP 28.4.3, 27.3.4.11, and 26.2.5.20 corresponding to ssh from 3.01 until 5.5.3, 5.2.11.7, and 5.1.4.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32147
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05173
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32147
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004
reference_id 28c5d5a6c5f873dc701b597276271763e7d1c004
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
5
reference_url https://cna.erlef.org/cves/CVE-2026-32147.html
reference_id CVE-2026-32147.html
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://cna.erlef.org/cves/CVE-2026-32147.html
6
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-32147
reference_id EEF-CVE-2026-32147
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-32147
7
reference_url https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5
reference_id GHSA-28jg-mw9x-hpm5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5
8
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7
purl pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1py9-5tap-d7fv
1
vulnerability VCID-7xvh-aqcu-uyb4
2
vulnerability VCID-8a5v-tu8j-7kfe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7
aliases CVE-2026-32147
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqzg-7f84-4fhz
5
url VCID-ws6x-zs8f-b3d5
vulnerability_id VCID-ws6x-zs8f-b3d5
summary erlang/otp: inets: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28808
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11236
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28808
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455909
reference_id 2455909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455909
5
reference_url https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688
reference_id 8fc71ac6af4fbcc54103bec2983ef22e82942688
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688
6
reference_url https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c
reference_id 9dfa0c51eac97866078e808dec2183cb7871ff7c
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
8
reference_url https://cna.erlef.org/cves/CVE-2026-28808.html
reference_id CVE-2026-28808.html
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://cna.erlef.org/cves/CVE-2026-28808.html
9
reference_url https://osv.dev/vulnerability/EEF-CVE-2026-28808
reference_id EEF-CVE-2026-28808
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://osv.dev/vulnerability/EEF-CVE-2026-28808
10
reference_url https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f
reference_id GHSA-3vhp-h532-mc3f
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f
11
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7
purl pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1py9-5tap-d7fv
1
vulnerability VCID-7xvh-aqcu-uyb4
2
vulnerability VCID-8a5v-tu8j-7kfe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7
aliases CVE-2026-28808
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws6x-zs8f-b3d5
Fixing_vulnerabilities
0
url VCID-5vxe-1smj-fyck
vulnerability_id VCID-5vxe-1smj-fyck
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46712
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61328
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46712
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46712
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46712
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963
reference_id 1104963
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963
3
reference_url https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83
reference_id e4b56a9f4a511aa9990dd86c16c61439c828df83
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/
url https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83
4
reference_url https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf
reference_id GHSA-934x-xq38-hhqf
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/
url https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf
5
reference_url https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21
reference_id OTP-25.3.2.21
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/
url https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21
6
reference_url https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12
reference_id OTP-26.2.5.12
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/
url https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12
7
reference_url https://github.com/erlang/otp/releases/tag/OTP-27.3.4
reference_id OTP-27.3.4
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/
url https://github.com/erlang/otp/releases/tag/OTP-27.3.4
8
reference_url https://usn.ubuntu.com/7656-1/
reference_id USN-7656-1
reference_type
scores
url https://usn.ubuntu.com/7656-1/
fixed_packages
0
url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4
purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1py9-5tap-d7fv
1
vulnerability VCID-4ny1-ztaq-yudj
2
vulnerability VCID-8a5v-tu8j-7kfe
3
vulnerability VCID-h7x2-fxke-tkdp
4
vulnerability VCID-qqzg-7f84-4fhz
5
vulnerability VCID-ws6x-zs8f-b3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4
aliases CVE-2025-46712
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vxe-1smj-fyck
1
url VCID-d2mt-nbtf-b3fy
vulnerability_id VCID-d2mt-nbtf-b3fy
summary erlang: Erlang Excessive Resource Consumption
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48040
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.43946
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48040
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/erlang/otp/pull/10162
reference_id 10162
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/pull/10162
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091
reference_id 1115091
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394521
reference_id 2394521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394521
7
reference_url https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a
reference_id 548f1295d86d0803da884db8685cc16d461d0d5a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a
8
reference_url https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a
reference_id 7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
10
reference_url https://cna.erlef.org/cves/CVE-2025-48040.html
reference_id CVE-2025-48040.html
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://cna.erlef.org/cves/CVE-2025-48040.html
11
reference_url https://osv.dev/vulnerability/EEF-CVE-2025-48040
reference_id EEF-CVE-2025-48040
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://osv.dev/vulnerability/EEF-CVE-2025-48040
12
reference_url https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph
reference_id GHSA-h7rg-6rjg-4cph
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph
13
reference_url https://usn.ubuntu.com/7831-1/
reference_id USN-7831-1
reference_type
scores
url https://usn.ubuntu.com/7831-1/
14
reference_url https://www.erlang.org/doc/system/versions.html#order-of-versions
reference_id versions.html#order-of-versions
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/
url https://www.erlang.org/doc/system/versions.html#order-of-versions
fixed_packages
0
url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4
purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1py9-5tap-d7fv
1
vulnerability VCID-4ny1-ztaq-yudj
2
vulnerability VCID-8a5v-tu8j-7kfe
3
vulnerability VCID-h7x2-fxke-tkdp
4
vulnerability VCID-qqzg-7f84-4fhz
5
vulnerability VCID-ws6x-zs8f-b3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4
aliases CVE-2025-48040
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2mt-nbtf-b3fy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4