Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins@2.504.2.1750916374-3?arch=el8
Type rpm
Namespace redhat
Name jenkins
Version 2.504.2.1750916374-3
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-9dt3-fcnc-j3hg
vulnerability_id VCID-9dt3-fcnc-j3hg
summary
Netplex Json-smart Uncontrolled Recursion vulnerability
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading specially crafted JSON input containing a large number of `{` characters, stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

The fixed version only addresses the default modes provided by [JSONParser](https://github.com/netplex/json-smart-v2/blob/master/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java#L118), such as `MODE_RFC4627`. If you create the JSONParser manually or with custom options, make sure to set the `LIMIT_JSON_DEPTH` option.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57699.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-57699
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12292
published_at 2026-04-13T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12193
published_at 2026-04-18T12:55:00Z
2
value 0.0004
scoring_system epss
scoring_elements 0.1219
published_at 2026-04-16T12:55:00Z
3
value 0.0004
scoring_system epss
scoring_elements 0.12387
published_at 2026-04-02T12:55:00Z
4
value 0.0004
scoring_system epss
scoring_elements 0.1231
published_at 2026-04-08T12:55:00Z
5
value 0.0004
scoring_system epss
scoring_elements 0.12361
published_at 2026-04-09T12:55:00Z
6
value 0.0004
scoring_system epss
scoring_elements 0.12368
published_at 2026-04-11T12:55:00Z
7
value 0.0004
scoring_system epss
scoring_elements 0.1233
published_at 2026-04-12T12:55:00Z
8
value 0.00047
scoring_system epss
scoring_elements 0.14461
published_at 2026-04-21T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16418
published_at 2026-04-04T12:55:00Z
10
value 0.00052
scoring_system epss
scoring_elements 0.16217
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-57699
2
reference_url https://github.com/netplex/json-smart-v2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2
3
reference_url https://github.com/netplex/json-smart-v2/issues/232
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/issues/232
4
reference_url https://github.com/netplex/json-smart-v2/issues/233
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/issues/233
5
reference_url https://github.com/netplex/json-smart-v2/issues/236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/issues/236
6
reference_url https://github.com/netplex/json-smart-v2/releases/tag/2.5.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/releases/tag/2.5.2
7
reference_url https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:14:00Z/
url https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699
8
reference_url https://nvd.nist.gov/vuln/detail/cve-2023-1370
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:14:00Z/
url https://nvd.nist.gov/vuln/detail/cve-2023-1370
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-57699
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-57699
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095839
reference_id 1095839
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095839
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2344073
reference_id 2344073
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2344073
12
reference_url https://github.com/advisories/GHSA-pq2g-wx69-c263
reference_id GHSA-pq2g-wx69-c263
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pq2g-wx69-c263
13
reference_url https://access.redhat.com/errata/RHSA-2025:10092
reference_id RHSA-2025:10092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10092
14
reference_url https://access.redhat.com/errata/RHSA-2025:10097
reference_id RHSA-2025:10097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10097
15
reference_url https://access.redhat.com/errata/RHSA-2025:10098
reference_id RHSA-2025:10098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10098
16
reference_url https://access.redhat.com/errata/RHSA-2025:10104
reference_id RHSA-2025:10104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10104
17
reference_url https://access.redhat.com/errata/RHSA-2025:10118
reference_id RHSA-2025:10118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10118
18
reference_url https://access.redhat.com/errata/RHSA-2025:10119
reference_id RHSA-2025:10119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10119
19
reference_url https://access.redhat.com/errata/RHSA-2025:10120
reference_id RHSA-2025:10120
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10120
fixed_packages
aliases CVE-2024-57699, GHSA-pq2g-wx69-c263
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dt3-fcnc-j3hg
1
url VCID-pwnn-qx48-ykae
vulnerability_id VCID-pwnn-qx48-ykae
summary
jackson-core can throw a StackOverflowError when processing deeply nested data
### Impact
With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackOverflowError if the depth is particularly large.

### Patches
jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. The change is in https://github.com/FasterXML/jackson-core/pull/943. jackson-core will throw a StreamConstraintsException if the limit is reached.
jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs.

### Workarounds
Users should avoid parsing input files from untrusted sources.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52999.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52999.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52999
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23381
published_at 2026-04-09T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23437
published_at 2026-04-02T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23473
published_at 2026-04-04T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.23259
published_at 2026-04-07T12:55:00Z
4
value 0.00078
scoring_system epss
scoring_elements 0.23331
published_at 2026-04-08T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24625
published_at 2026-04-18T12:55:00Z
6
value 0.00085
scoring_system epss
scoring_elements 0.24719
published_at 2026-04-11T12:55:00Z
7
value 0.00085
scoring_system epss
scoring_elements 0.24622
published_at 2026-04-13T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.24679
published_at 2026-04-12T12:55:00Z
9
value 0.00085
scoring_system epss
scoring_elements 0.24635
published_at 2026-04-16T12:55:00Z
10
value 0.00206
scoring_system epss
scoring_elements 0.42836
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52999
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52999
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52999
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-core
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-core
5
reference_url https://github.com/FasterXML/jackson-core/pull/943
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:04:07Z/
url https://github.com/FasterXML/jackson-core/pull/943
6
reference_url https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:04:07Z/
url https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52999
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52999
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108367
reference_id 1108367
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108367
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2374804
reference_id 2374804
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2374804
10
reference_url https://github.com/advisories/GHSA-h46c-h94j-95f3
reference_id GHSA-h46c-h94j-95f3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h46c-h94j-95f3
11
reference_url https://access.redhat.com/errata/RHSA-2025:10092
reference_id RHSA-2025:10092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10092
12
reference_url https://access.redhat.com/errata/RHSA-2025:10097
reference_id RHSA-2025:10097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10097
13
reference_url https://access.redhat.com/errata/RHSA-2025:10098
reference_id RHSA-2025:10098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10098
14
reference_url https://access.redhat.com/errata/RHSA-2025:10104
reference_id RHSA-2025:10104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10104
15
reference_url https://access.redhat.com/errata/RHSA-2025:10118
reference_id RHSA-2025:10118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10118
16
reference_url https://access.redhat.com/errata/RHSA-2025:10119
reference_id RHSA-2025:10119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10119
17
reference_url https://access.redhat.com/errata/RHSA-2025:10120
reference_id RHSA-2025:10120
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10120
18
reference_url https://access.redhat.com/errata/RHSA-2025:11473
reference_id RHSA-2025:11473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11473
19
reference_url https://access.redhat.com/errata/RHSA-2025:11474
reference_id RHSA-2025:11474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11474
20
reference_url https://access.redhat.com/errata/RHSA-2025:12280
reference_id RHSA-2025:12280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12280
21
reference_url https://access.redhat.com/errata/RHSA-2025:12281
reference_id RHSA-2025:12281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12281
22
reference_url https://access.redhat.com/errata/RHSA-2025:12282
reference_id RHSA-2025:12282
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12282
23
reference_url https://access.redhat.com/errata/RHSA-2025:12283
reference_id RHSA-2025:12283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12283
24
reference_url https://access.redhat.com/errata/RHSA-2025:14116
reference_id RHSA-2025:14116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14116
25
reference_url https://access.redhat.com/errata/RHSA-2025:14117
reference_id RHSA-2025:14117
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14117
26
reference_url https://access.redhat.com/errata/RHSA-2025:14118
reference_id RHSA-2025:14118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14118
27
reference_url https://access.redhat.com/errata/RHSA-2025:14126
reference_id RHSA-2025:14126
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14126
28
reference_url https://access.redhat.com/errata/RHSA-2025:14127
reference_id RHSA-2025:14127
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14127
29
reference_url https://access.redhat.com/errata/RHSA-2025:15717
reference_id RHSA-2025:15717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15717
30
reference_url https://access.redhat.com/errata/RHSA-2025:15847
reference_id RHSA-2025:15847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15847
31
reference_url https://access.redhat.com/errata/RHSA-2025:17189
reference_id RHSA-2025:17189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17189
32
reference_url https://access.redhat.com/errata/RHSA-2026:0742
reference_id RHSA-2026:0742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0742
fixed_packages
aliases CVE-2025-52999, GHSA-h46c-h94j-95f3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwnn-qx48-ykae
2
url VCID-sshg-yscz-afga
vulnerability_id VCID-sshg-yscz-afga
summary
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit
### Original Report

In Eclipse Jetty versions 12.0.0 to 12.0.16 inclusive, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not validate this setting and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in an OutOfMemoryError being thrown, or even the JVM process exiting.

### Impact
Remote peers can cause the JVM to crash or continuously report OOM.

### Patches
12.0.17

### Workarounds
No workarounds.

### References
https://github.com/jetty/jetty.project/issues/12690
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1948
reference_id
reference_type
scores
0
value 0.0047
scoring_system epss
scoring_elements 0.64599
published_at 2026-04-21T12:55:00Z
1
value 0.00576
scoring_system epss
scoring_elements 0.68826
published_at 2026-04-16T12:55:00Z
2
value 0.00576
scoring_system epss
scoring_elements 0.68785
published_at 2026-04-13T12:55:00Z
3
value 0.00576
scoring_system epss
scoring_elements 0.68814
published_at 2026-04-12T12:55:00Z
4
value 0.00576
scoring_system epss
scoring_elements 0.68737
published_at 2026-04-02T12:55:00Z
5
value 0.00576
scoring_system epss
scoring_elements 0.68806
published_at 2026-04-09T12:55:00Z
6
value 0.00576
scoring_system epss
scoring_elements 0.68787
published_at 2026-04-08T12:55:00Z
7
value 0.00576
scoring_system epss
scoring_elements 0.68735
published_at 2026-04-07T12:55:00Z
8
value 0.00576
scoring_system epss
scoring_elements 0.68757
published_at 2026-04-04T12:55:00Z
9
value 0.00576
scoring_system epss
scoring_elements 0.68828
published_at 2026-04-11T12:55:00Z
10
value 0.00576
scoring_system epss
scoring_elements 0.68836
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1948
2
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
3
reference_url https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb
4
reference_url https://github.com/jetty/jetty.project/issues/12690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/issues/12690
5
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:31:29Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8
6
reference_url https://gitlab.eclipse.org/security/cve-assignement/-/issues/56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:31:29Z/
url https://gitlab.eclipse.org/security/cve-assignement/-/issues/56
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1948
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1948
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2365137
reference_id 2365137
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2365137
9
reference_url https://github.com/advisories/GHSA-889j-63jv-qhr8
reference_id GHSA-889j-63jv-qhr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-889j-63jv-qhr8
10
reference_url https://access.redhat.com/errata/RHSA-2025:10092
reference_id RHSA-2025:10092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10092
11
reference_url https://access.redhat.com/errata/RHSA-2025:10097
reference_id RHSA-2025:10097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10097
12
reference_url https://access.redhat.com/errata/RHSA-2025:10098
reference_id RHSA-2025:10098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10098
13
reference_url https://access.redhat.com/errata/RHSA-2025:10104
reference_id RHSA-2025:10104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10104
14
reference_url https://access.redhat.com/errata/RHSA-2025:10118
reference_id RHSA-2025:10118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10118
15
reference_url https://access.redhat.com/errata/RHSA-2025:10119
reference_id RHSA-2025:10119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10119
16
reference_url https://access.redhat.com/errata/RHSA-2025:10120
reference_id RHSA-2025:10120
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10120
17
reference_url https://access.redhat.com/errata/RHSA-2025:13274
reference_id RHSA-2025:13274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13274
18
reference_url https://access.redhat.com/errata/RHSA-2025:7696
reference_id RHSA-2025:7696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7696
fixed_packages
aliases CVE-2025-1948, GHSA-889j-63jv-qhr8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sshg-yscz-afga
3
url VCID-vghg-4esd-cbc6
vulnerability_id VCID-vghg-4esd-cbc6
summary
Spring Security Does Not Enforce Password Length
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22228.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22228.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22228
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09259
published_at 2026-04-21T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09105
published_at 2026-04-18T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09124
published_at 2026-04-16T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09229
published_at 2026-04-13T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09243
published_at 2026-04-12T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09273
published_at 2026-04-11T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09271
published_at 2026-04-09T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.09233
published_at 2026-04-08T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09153
published_at 2026-04-07T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.09186
published_at 2026-04-02T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.09232
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22228
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/46f0dc6dfc8402cd556c598fdf2d31f9d46cdbf3
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/46f0dc6dfc8402cd556c598fdf2d31f9d46cdbf3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22228
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22228
5
reference_url https://security.netapp.com/advisory/ntap-20250425-0009
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250425-0009
6
reference_url https://spring.io/security/cve-2025-22228
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-21T03:55:17Z/
url https://spring.io/security/cve-2025-22228
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353507
reference_id 2353507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2353507
8
reference_url https://github.com/advisories/GHSA-mg83-c7gq-rv5c
reference_id GHSA-mg83-c7gq-rv5c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg83-c7gq-rv5c
9
reference_url https://access.redhat.com/errata/RHSA-2025:10092
reference_id RHSA-2025:10092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10092
10
reference_url https://access.redhat.com/errata/RHSA-2025:10097
reference_id RHSA-2025:10097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10097
11
reference_url https://access.redhat.com/errata/RHSA-2025:10098
reference_id RHSA-2025:10098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10098
12
reference_url https://access.redhat.com/errata/RHSA-2025:10104
reference_id RHSA-2025:10104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10104
13
reference_url https://access.redhat.com/errata/RHSA-2025:10118
reference_id RHSA-2025:10118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10118
14
reference_url https://access.redhat.com/errata/RHSA-2025:10119
reference_id RHSA-2025:10119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10119
15
reference_url https://access.redhat.com/errata/RHSA-2025:10120
reference_id RHSA-2025:10120
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10120
fixed_packages
aliases CVE-2025-22228, GHSA-mg83-c7gq-rv5c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vghg-4esd-cbc6
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.504.2.1750916374-3%3Farch=el8