Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.sshd/sshd-common@2.9.3
Typemaven
Namespaceorg.apache.sshd
Namesshd-common
Version2.9.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.12.0
Latest_non_vulnerable_version2.12.0
Affected_by_vulnerabilities
0
url VCID-r4e4-u4s6-63gc
vulnerability_id VCID-r4e4-u4s6-63gc
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35887.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-35887
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27574
published_at 2026-04-21T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27629
published_at 2026-04-13T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27613
published_at 2026-04-18T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27787
published_at 2026-04-02T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27639
published_at 2026-04-16T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27826
published_at 2026-04-04T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27617
published_at 2026-04-07T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27683
published_at 2026-04-08T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27726
published_at 2026-04-09T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27731
published_at 2026-04-11T12:55:00Z
10
value 0.001
scoring_system epss
scoring_elements 0.27687
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-35887
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
4
reference_url https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0
5
reference_url https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
6
reference_url https://github.com/apache/mina-sshd/pull/362
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/pull/362
7
reference_url https://issues.apache.org/jira/browse/SSHD-1324
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SSHD-1324
8
reference_url https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T19:40:36Z/
url https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2240036
reference_id 2240036
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2240036
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35887
reference_id CVE-2023-35887
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-35887
11
reference_url https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
reference_id GHSA-mjmq-gwgm-5qhm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
12
reference_url https://access.redhat.com/errata/RHSA-2024:1192
reference_id RHSA-2024:1192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1192
13
reference_url https://access.redhat.com/errata/RHSA-2024:1193
reference_id RHSA-2024:1193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1193
fixed_packages
0
url pkg:maven/org.apache.sshd/sshd-common@2.10.0
purl pkg:maven/org.apache.sshd/sshd-common@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zxcy-vvmk-xbag
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.10.0
aliases CVE-2023-35887, GHSA-mjmq-gwgm-5qhm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4e4-u4s6-63gc
1
url VCID-zxcy-vvmk-xbag
vulnerability_id VCID-zxcy-vvmk-xbag
summary 
Apache MINA SSHD: integrity check bypass
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which 
some security features have been downgraded or disabled, aka a Terrapin 
attack

The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41909.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41909.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41909
reference_id
reference_type
scores
0
value 0.00478
scoring_system epss
scoring_elements 0.65029
published_at 2026-04-21T12:55:00Z
1
value 0.00478
scoring_system epss
scoring_elements 0.65044
published_at 2026-04-18T12:55:00Z
2
value 0.00478
scoring_system epss
scoring_elements 0.64964
published_at 2026-04-02T12:55:00Z
3
value 0.00478
scoring_system epss
scoring_elements 0.65035
published_at 2026-04-16T12:55:00Z
4
value 0.00478
scoring_system epss
scoring_elements 0.64997
published_at 2026-04-13T12:55:00Z
5
value 0.00478
scoring_system epss
scoring_elements 0.65025
published_at 2026-04-12T12:55:00Z
6
value 0.00478
scoring_system epss
scoring_elements 0.65036
published_at 2026-04-11T12:55:00Z
7
value 0.00478
scoring_system epss
scoring_elements 0.64991
published_at 2026-04-04T12:55:00Z
8
value 0.00478
scoring_system epss
scoring_elements 0.64954
published_at 2026-04-07T12:55:00Z
9
value 0.00478
scoring_system epss
scoring_elements 0.65018
published_at 2026-04-09T12:55:00Z
10
value 0.00478
scoring_system epss
scoring_elements 0.65003
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41909
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76
4
reference_url https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1
5
reference_url https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92
6
reference_url https://github.com/apache/mina-sshd/issues/445
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T14:03:16Z/
url https://github.com/apache/mina-sshd/issues/445
7
reference_url https://github.com/apache/mina-sshd/pull/449
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/pull/449
8
reference_url https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
9
reference_url https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T14:03:16Z/
url https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41909
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41909
11
reference_url https://security.netapp.com/advisory/ntap-20241011-0006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0006
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304442
reference_id 2304442
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304442
13
reference_url https://github.com/advisories/GHSA-2326-hx7g-3m9r
reference_id GHSA-2326-hx7g-3m9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2326-hx7g-3m9r
fixed_packages
0
url pkg:maven/org.apache.sshd/sshd-common@2.12.0
purl pkg:maven/org.apache.sshd/sshd-common@2.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.12.0
aliases CVE-2024-41909, GHSA-2326-hx7g-3m9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcy-vvmk-xbag
Fixing_vulnerabilities
0
url VCID-r4e4-u4s6-63gc
vulnerability_id VCID-r4e4-u4s6-63gc
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35887.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-35887
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27574
published_at 2026-04-21T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27629
published_at 2026-04-13T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27613
published_at 2026-04-18T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27787
published_at 2026-04-02T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27639
published_at 2026-04-16T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27826
published_at 2026-04-04T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27617
published_at 2026-04-07T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27683
published_at 2026-04-08T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27726
published_at 2026-04-09T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27731
published_at 2026-04-11T12:55:00Z
10
value 0.001
scoring_system epss
scoring_elements 0.27687
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-35887
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
4
reference_url https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0
5
reference_url https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
6
reference_url https://github.com/apache/mina-sshd/pull/362
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/pull/362
7
reference_url https://issues.apache.org/jira/browse/SSHD-1324
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SSHD-1324
8
reference_url https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T19:40:36Z/
url https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2240036
reference_id 2240036
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2240036
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35887
reference_id CVE-2023-35887
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-35887
11
reference_url https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
reference_id GHSA-mjmq-gwgm-5qhm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
12
reference_url https://access.redhat.com/errata/RHSA-2024:1192
reference_id RHSA-2024:1192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1192
13
reference_url https://access.redhat.com/errata/RHSA-2024:1193
reference_id RHSA-2024:1193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1193
fixed_packages
0
url pkg:maven/org.apache.sshd/sshd-common@2.9.3
purl pkg:maven/org.apache.sshd/sshd-common@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r4e4-u4s6-63gc
1
vulnerability VCID-zxcy-vvmk-xbag
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.9.3
1
url pkg:maven/org.apache.sshd/sshd-common@2.10.0
purl pkg:maven/org.apache.sshd/sshd-common@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zxcy-vvmk-xbag
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.10.0
aliases CVE-2023-35887, GHSA-mjmq-gwgm-5qhm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4e4-u4s6-63gc
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.9.3