Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/388992?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "type": "apk", "namespace": "alpine", "name": "cacti", "version": "1.2.27-r0", "qualifiers": { "arch": "riscv64", "distroversion": "v3.23", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.28-r0", "latest_non_vulnerable_version": "1.2.29-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96094?format=api", "vulnerability_id": "VCID-3y7d-ujep-4ydm", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available and falls back to `md5` otherwise. When verifying a password, Cacti calls `compat_password_verify`, which calls `password_verify` if it is available and falls back to `md5` otherwise. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`: the MD5 hash of the user input is compared with the correct password in the database using `$md5 == $hash`. This is a loose comparison, not `===`, which makes it a type juggling vulnerability. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74732", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.7477", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.747", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m", "reference_id": "GHSA-37x7-mfjv-mm7m", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:13:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-34340" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3y7d-ujep-4ydm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96069?format=api", "vulnerability_id": "VCID-44fx-4w2y-y3dy", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90715", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.9067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.9068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06015", "scoring_system": "epss", "scoring_elements": "0.90689", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x", "reference_id": "GHSA-jrxg-8wh8-943x", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:19:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-31458" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44fx-4w2y-y3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96066?format=api", "vulnerability_id": "VCID-6t6n-ws5n-wkay", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65708", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65702", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65719", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65752", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65737", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65672", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443" }, { "reference_url": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf", "reference_id": "f946fa537d19678f938ddbd784a10e3290d275cf", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/" } ], "url": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3", "reference_id": "GHSA-rqc8-78cm-85j3", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:21:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-31443" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6n-ws5n-wkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96001?format=api", "vulnerability_id": "VCID-85gc-u991-z3dw", "summary": 
"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the \"Package Import\" feature, allows authenticated users having the \"Import Templates\" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99491", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99498", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88383", "scoring_system": "epss", "scoring_elements": "0.99493", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641" }, { "reference_url": 
"http://seclists.org/fulldisclosure/2024/May/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/May/6" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt", "reference_id": "CVE-2024-25641", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52225.txt" }, { "reference_url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210", "reference_id": "eff35b0ff26cc27c82d7880469ed6d5e3bef6210", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88", "reference_id": "GHSA-7cmj-g5qc-pj88", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "9.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:38Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-25641" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85gc-u991-z3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96068?format=api", "vulnerability_id": "VCID-fhtp-y9a5-vqgj", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97298", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97296", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.9728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97285", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.39471", "scoring_system": "epss", "scoring_elements": "0.97286", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445" }, { "reference_url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717", "reference_id": "api_automation.php#L717", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717" }, { "reference_url": 
"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856", "reference_id": "api_automation.php#L856", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856" }, { "reference_url": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886", "reference_id": "fd93c6e47651958b77c3bbe6a01fff695f81e886", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc", "reference_id": "GHSA-vjph-r677-6pcc", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-31445" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhtp-y9a5-vqgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96070?format=api", "vulnerability_id": "VCID-jkca-shmj-mbbu", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82968", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82933", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.8293", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82977", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01844", "scoring_system": "epss", "scoring_elements": "0.82972", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", "reference_id": "GHSA-cx8g-hvq8-p2rv", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", "reference_id": "GHSA-gj3f-p326-gh8r", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp", "reference_id": "GHSA-pfh9-gwm6-86vp", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-17T04:00:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-31459" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkca-shmj-mbbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96071?format=api", "vulnerability_id": "VCID-k7kv-za2s-dud5", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. 
Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82247", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.8226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82253", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01692", "scoring_system": "epss", "scoring_elements": "0.82191", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv", "reference_id": "GHSA-cx8g-hvq8-p2rv", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv" }, { "reference_url": 
"https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r", "reference_id": "GHSA-gj3f-p326-gh8r", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-13T17:23:51Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-31460" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kv-za2s-dud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97729?format=api", "vulnerability_id": "VCID-y4py-r1dd-9bcu", "summary": 
"Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37141", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37127", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37178", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37192", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37202", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37271", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29894" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh", "reference_id": 
"GHSA-grj5-8fcj-34gh", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73", "reference_id": "GHSA-xwqc-7jc4-xm73", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:24:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-29894" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4py-r1dd-9bcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96067?format=api", "vulnerability_id": "VCID-y683-kz6e-afhv", "summary": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in the `form_confirm()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92783", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92788", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09401", "scoring_system": "epss", "scoring_elements": "0.92772", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31444" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87", "reference_id": "GHSA-p4ch-7hjw-6m87", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "reference_id": "RBEOAFKRARQHTDIYSL723XAFJ2Q6624X", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:22:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" }, { "reference_url": "https://usn.ubuntu.com/6969-1/", "reference_id": "USN-6969-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6969-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/388992?format=api", "purl": "pkg:apk/alpine/cacti@1.2.27-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2024-31444" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y683-kz6e-afhv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.27-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }