Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap8-xml-security@3.0.4-1.redhat_00005.1?arch=el9eap
Type rpm
Namespace redhat
Name eap8-xml-security
Version 3.0.4-1.redhat_00005.1
Qualifiers
arch el9eap
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-2j9r-6zbp-m3bz
vulnerability_id VCID-2j9r-6zbp-m3bz
summary
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30171
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.28037
published_at 2026-04-13T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.28131
published_at 2026-04-09T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28137
published_at 2026-04-11T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28094
published_at 2026-04-12T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28535
published_at 2026-04-07T12:55:00Z
5
value 0.00105
scoring_system epss
scoring_elements 0.2868
published_at 2026-04-02T12:55:00Z
6
value 0.00105
scoring_system epss
scoring_elements 0.2873
published_at 2026-04-04T12:55:00Z
7
value 0.00105
scoring_system epss
scoring_elements 0.28601
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30171
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
5
reference_url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
6
reference_url https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
7
reference_url https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
8
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30171
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30171
10
reference_url https://security.netapp.com/advisory/ntap-20240614-0008
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240614-0008
11
reference_url https://www.bouncycastle.org/latest_releases.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://www.bouncycastle.org/latest_releases.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
reference_id 1070655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2276360
reference_id 2276360
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2276360
14
reference_url https://github.com/advisories/GHSA-v435-xc8x-wvr9
reference_id GHSA-v435-xc8x-wvr9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v435-xc8x-wvr9
15
reference_url https://security.netapp.com/advisory/ntap-20240614-0008/
reference_id ntap-20240614-0008
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://security.netapp.com/advisory/ntap-20240614-0008/
16
reference_url https://access.redhat.com/errata/RHSA-2024:4173
reference_id RHSA-2024:4173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4173
17
reference_url https://access.redhat.com/errata/RHSA-2024:4271
reference_id RHSA-2024:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4271
18
reference_url https://access.redhat.com/errata/RHSA-2024:4326
reference_id RHSA-2024:4326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4326
19
reference_url https://access.redhat.com/errata/RHSA-2024:4505
reference_id RHSA-2024:4505
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4505
20
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
21
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
22
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
23
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
aliases CVE-2024-30171, GHSA-v435-xc8x-wvr9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j9r-6zbp-m3bz
1
url VCID-4rs8-tp92-p7ck
vulnerability_id VCID-4rs8-tp92-p7ck
summary
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29857
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40999
published_at 2026-04-02T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.41005
published_at 2026-04-08T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.40956
published_at 2026-04-07T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.41031
published_at 2026-04-04T12:55:00Z
4
value 0.00252
scoring_system epss
scoring_elements 0.48553
published_at 2026-04-09T12:55:00Z
5
value 0.00252
scoring_system epss
scoring_elements 0.4856
published_at 2026-04-13T12:55:00Z
6
value 0.00252
scoring_system epss
scoring_elements 0.48547
published_at 2026-04-12T12:55:00Z
7
value 0.00252
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29857
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
5
reference_url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/
url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
6
reference_url https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
7
reference_url https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
8
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29857
10
reference_url https://security.netapp.com/advisory/ntap-20241206-0008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0008
11
reference_url https://www.bouncycastle.org/latest_releases.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/
url https://www.bouncycastle.org/latest_releases.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
reference_id 1070655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2293028
reference_id 2293028
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2293028
14
reference_url https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
reference_id GHSA-8xfc-gm6g-vgpv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
15
reference_url https://access.redhat.com/errata/RHSA-2024:4271
reference_id RHSA-2024:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4271
16
reference_url https://access.redhat.com/errata/RHSA-2024:4326
reference_id RHSA-2024:4326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4326
17
reference_url https://access.redhat.com/errata/RHSA-2024:4505
reference_id RHSA-2024:4505
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4505
18
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
19
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
20
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
21
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
aliases CVE-2024-29857, GHSA-8xfc-gm6g-vgpv
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rs8-tp92-p7ck
2
url VCID-8mj8-rxf8-qyau
vulnerability_id VCID-8mj8-rxf8-qyau
summary
jose4j is vulnerable to DoS via compressed JWE content
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29371
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05156
published_at 2026-04-13T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05114
published_at 2026-04-02T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05216
published_at 2026-04-09T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05198
published_at 2026-04-08T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05165
published_at 2026-04-07T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05143
published_at 2026-04-04T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05169
published_at 2026-04-12T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05185
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29371
2
reference_url https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
3
reference_url https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T18:38:20Z/
url https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
4
reference_url https://bitbucket.org/b_c/jose4j/wiki/Home
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/wiki/Home
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423194
reference_id 2423194
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2423194
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29371
reference_id CVE-2024-29371
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29371
8
reference_url https://github.com/advisories/GHSA-3677-xxcr-wjqv
reference_id GHSA-3677-xxcr-wjqv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3677-xxcr-wjqv
9
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
10
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
11
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
12
reference_url https://access.redhat.com/errata/RHSA-2025:17299
reference_id RHSA-2025:17299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17299
fixed_packages
aliases CVE-2024-29371, GHSA-3677-xxcr-wjqv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mj8-rxf8-qyau
3
url VCID-d5x5-hcjh-efcr
vulnerability_id VCID-d5x5-hcjh-efcr
summary
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30172
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22615
published_at 2026-04-13T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22673
published_at 2026-04-12T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22713
published_at 2026-04-11T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23043
published_at 2026-04-08T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.23096
published_at 2026-04-09T12:55:00Z
5
value 0.00077
scoring_system epss
scoring_elements 0.23136
published_at 2026-04-02T12:55:00Z
6
value 0.00077
scoring_system epss
scoring_elements 0.2318
published_at 2026-04-04T12:55:00Z
7
value 0.00077
scoring_system epss
scoring_elements 0.2297
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30172
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30172
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30172
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
5
reference_url https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02
6
reference_url https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
7
reference_url https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
8
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30172
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30172
10
reference_url https://security.netapp.com/advisory/ntap-20240614-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240614-0007
11
reference_url https://www.bouncycastle.org/latest_releases.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:44:28Z/
url https://www.bouncycastle.org/latest_releases.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
reference_id 1070655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2293025
reference_id 2293025
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2293025
14
reference_url https://github.com/advisories/GHSA-m44j-cfrm-g8qc
reference_id GHSA-m44j-cfrm-g8qc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m44j-cfrm-g8qc
15
reference_url https://security.netapp.com/advisory/ntap-20240614-0007/
reference_id ntap-20240614-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:44:28Z/
url https://security.netapp.com/advisory/ntap-20240614-0007/
16
reference_url https://access.redhat.com/errata/RHSA-2024:4271
reference_id RHSA-2024:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4271
17
reference_url https://access.redhat.com/errata/RHSA-2024:4326
reference_id RHSA-2024:4326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4326
18
reference_url https://access.redhat.com/errata/RHSA-2024:4505
reference_id RHSA-2024:4505
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4505
19
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
20
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
21
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
22
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
aliases CVE-2024-30172, GHSA-m44j-cfrm-g8qc
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5x5-hcjh-efcr
4
url VCID-rewk-dvth-tubh
vulnerability_id VCID-rewk-dvth-tubh
summary
Netty's HttpPostRequestDecoder can OOM
### Summary
The `HttpPostRequestDecoder` can be tricked to accumulate data. I have spotted currently two attack vectors 

### Details
1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have; an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list.
2. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field; this field can cumulate data without limits.

### PoC

Here is a Netty branch that provides a fix + tests : https://github.com/vietj/netty/tree/post-request-decoder


Here is a reproducer with Vert.x (which uses this decoder) https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3

### Impact
Any Netty based HTTP server that uses the `HttpPostRequestDecoder` to decode a form.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29025
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49407
published_at 2026-04-02T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49442
published_at 2026-04-08T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49387
published_at 2026-04-07T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49434
published_at 2026-04-04T12:55:00Z
4
value 0.00268
scoring_system epss
scoring_elements 0.50278
published_at 2026-04-09T12:55:00Z
5
value 0.00268
scoring_system epss
scoring_elements 0.50306
published_at 2026-04-11T12:55:00Z
6
value 0.00268
scoring_system epss
scoring_elements 0.50279
published_at 2026-04-12T12:55:00Z
7
value 0.00324
scoring_system epss
scoring_elements 0.55489
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
5
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
6
reference_url https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
7
reference_url https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
8
reference_url https://github.com/vietj/netty/tree/post-request-decoder
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vietj/netty/tree/post-request-decoder
9
reference_url https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29025
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29025
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110
reference_id 1068110
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272907
reference_id 2272907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2272907
13
reference_url https://github.com/advisories/GHSA-5jpm-x58v-624v
reference_id GHSA-5jpm-x58v-624v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jpm-x58v-624v
14
reference_url https://access.redhat.com/errata/RHSA-2024:3550
reference_id RHSA-2024:3550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3550
15
reference_url https://access.redhat.com/errata/RHSA-2024:4460
reference_id RHSA-2024:4460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4460
16
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
17
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
18
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
19
reference_url https://access.redhat.com/errata/RHSA-2024:6657
reference_id RHSA-2024:6657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6657
20
reference_url https://usn.ubuntu.com/7284-1/
reference_id USN-7284-1
reference_type
scores
url https://usn.ubuntu.com/7284-1/
fixed_packages
aliases CVE-2024-29025, GHSA-5jpm-x58v-624v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rewk-dvth-tubh
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-xml-security@3.0.4-1.redhat_00005.1%3Farch=el9eap