Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-undertow@2.0.41-5.SP6_redhat_00001.1?arch=el7eap
Type rpm
Namespace redhat
Name eap7-undertow
Version 2.0.41-5.SP6_redhat_00001.1
Qualifiers
arch el7eap
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1j1w-c84m-b3h3
vulnerability_id VCID-1j1w-c84m-b3h3
summary
Apache Commons Improper Access Control vulnerability
Improper Access Control vulnerability in Apache Commons.



A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.





Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().
Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests.

This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.

Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.

Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48734.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48734
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40401
published_at 2026-04-16T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40388
published_at 2026-04-02T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40414
published_at 2026-04-04T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40338
published_at 2026-04-07T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40389
published_at 2026-04-08T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.404
published_at 2026-04-09T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40411
published_at 2026-04-11T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40373
published_at 2026-04-12T12:55:00Z
8
value 0.00186
scoring_system epss
scoring_elements 0.40354
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48734
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-beanutils
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils
5
reference_url https://github.com/apache/commons-beanutils/commit/bd20740da25b69552ddef8523beec0837297eaf9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils/commit/bd20740da25b69552ddef8523beec0837297eaf9
6
reference_url https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:16Z/
url https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
7
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48734
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48734
9
reference_url http://www.openwall.com/lists/oss-security/2025/05/28/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/28/6
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106746
reference_id 1106746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106746
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2368956
reference_id 2368956
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2368956
12
reference_url https://github.com/advisories/GHSA-wxr5-93ph-8wr9
reference_id GHSA-wxr5-93ph-8wr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxr5-93ph-8wr9
13
reference_url https://security.gentoo.org/glsa/202601-05
reference_id GLSA-202601-05
reference_type
scores
url https://security.gentoo.org/glsa/202601-05
14
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
15
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
16
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
17
reference_url https://access.redhat.com/errata/RHSA-2025:10814
reference_id RHSA-2025:10814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10814
18
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
19
reference_url https://access.redhat.com/errata/RHSA-2025:13274
reference_id RHSA-2025:13274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13274
20
reference_url https://access.redhat.com/errata/RHSA-2025:15810
reference_id RHSA-2025:15810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15810
21
reference_url https://access.redhat.com/errata/RHSA-2025:15811
reference_id RHSA-2025:15811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15811
22
reference_url https://access.redhat.com/errata/RHSA-2025:15812
reference_id RHSA-2025:15812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15812
23
reference_url https://access.redhat.com/errata/RHSA-2025:15813
reference_id RHSA-2025:15813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15813
24
reference_url https://access.redhat.com/errata/RHSA-2025:15814
reference_id RHSA-2025:15814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15814
25
reference_url https://access.redhat.com/errata/RHSA-2025:15815
reference_id RHSA-2025:15815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15815
26
reference_url https://access.redhat.com/errata/RHSA-2025:15816
reference_id RHSA-2025:15816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15816
27
reference_url https://access.redhat.com/errata/RHSA-2025:15817
reference_id RHSA-2025:15817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15817
28
reference_url https://access.redhat.com/errata/RHSA-2025:16409
reference_id RHSA-2025:16409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16409
29
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
30
reference_url https://access.redhat.com/errata/RHSA-2025:8265
reference_id RHSA-2025:8265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8265
31
reference_url https://access.redhat.com/errata/RHSA-2025:8919
reference_id RHSA-2025:8919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8919
32
reference_url https://access.redhat.com/errata/RHSA-2025:9114
reference_id RHSA-2025:9114
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9114
33
reference_url https://access.redhat.com/errata/RHSA-2025:9115
reference_id RHSA-2025:9115
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9115
34
reference_url https://access.redhat.com/errata/RHSA-2025:9117
reference_id RHSA-2025:9117
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9117
35
reference_url https://access.redhat.com/errata/RHSA-2025:9166
reference_id RHSA-2025:9166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9166
36
reference_url https://access.redhat.com/errata/RHSA-2025:9318
reference_id RHSA-2025:9318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9318
37
reference_url https://access.redhat.com/errata/RHSA-2025:9696
reference_id RHSA-2025:9696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9696
38
reference_url https://access.redhat.com/errata/RHSA-2025:9697
reference_id RHSA-2025:9697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9697
fixed_packages
aliases CVE-2025-48734, GHSA-wxr5-93ph-8wr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1j1w-c84m-b3h3
1
url VCID-2e6w-fs4j-17g9
vulnerability_id VCID-2e6w-fs4j-17g9
summary HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27316
reference_id
reference_type
scores
0
value 0.89409
scoring_system epss
scoring_elements 0.99549
published_at 2026-04-16T12:55:00Z
1
value 0.89409
scoring_system epss
scoring_elements 0.99542
published_at 2026-04-02T12:55:00Z
2
value 0.89409
scoring_system epss
scoring_elements 0.99543
published_at 2026-04-04T12:55:00Z
3
value 0.89409
scoring_system epss
scoring_elements 0.99545
published_at 2026-04-11T12:55:00Z
4
value 0.89409
scoring_system epss
scoring_elements 0.99546
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27316
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id 1068412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
10
reference_url https://www.openwall.com/lists/oss-security/2024/04/03/16
reference_id 16
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url https://www.openwall.com/lists/oss-security/2024/04/03/16
11
reference_url http://seclists.org/fulldisclosure/2024/Jul/18
reference_id 18
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url http://seclists.org/fulldisclosure/2024/Jul/18
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268277
reference_id 2268277
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268277
13
reference_url http://www.openwall.com/lists/oss-security/2024/04/04/4
reference_id 4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url http://www.openwall.com/lists/oss-security/2024/04/04/4
14
reference_url https://httpd.apache.org/security/json/CVE-2024-27316.json
reference_id CVE-2024-27316
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-27316.json
15
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
16
reference_url https://support.apple.com/kb/HT214119
reference_id HT214119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url https://support.apple.com/kb/HT214119
17
reference_url https://access.redhat.com/errata/RHSA-2024:1786
reference_id RHSA-2024:1786
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1786
18
reference_url https://access.redhat.com/errata/RHSA-2024:1872
reference_id RHSA-2024:1872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1872
19
reference_url https://access.redhat.com/errata/RHSA-2024:2564
reference_id RHSA-2024:2564
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2564
20
reference_url https://access.redhat.com/errata/RHSA-2024:2693
reference_id RHSA-2024:2693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2693
21
reference_url https://access.redhat.com/errata/RHSA-2024:2694
reference_id RHSA-2024:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2694
22
reference_url https://access.redhat.com/errata/RHSA-2024:2891
reference_id RHSA-2024:2891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2891
23
reference_url https://access.redhat.com/errata/RHSA-2024:2907
reference_id RHSA-2024:2907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2907
24
reference_url https://access.redhat.com/errata/RHSA-2024:3402
reference_id RHSA-2024:3402
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3402
25
reference_url https://access.redhat.com/errata/RHSA-2024:3417
reference_id RHSA-2024:3417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3417
26
reference_url https://access.redhat.com/errata/RHSA-2024:4390
reference_id RHSA-2024:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4390
27
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
28
reference_url https://usn.ubuntu.com/6729-1/
reference_id USN-6729-1
reference_type
scores
url https://usn.ubuntu.com/6729-1/
29
reference_url https://usn.ubuntu.com/6729-2/
reference_id USN-6729-2
reference_type
scores
url https://usn.ubuntu.com/6729-2/
30
reference_url https://usn.ubuntu.com/6729-3/
reference_id USN-6729-3
reference_type
scores
url https://usn.ubuntu.com/6729-3/
fixed_packages
aliases CVE-2024-27316
risk_score 10.0
exploitability 2.0
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e6w-fs4j-17g9
2
url VCID-3zsw-hyhp-4yfm
vulnerability_id VCID-3zsw-hyhp-4yfm
summary
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse
# Withdrawn Advisory
This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109.

# Original Description
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:10927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10927
1
reference_url https://access.redhat.com/errata/RHSA-2024:10928
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10928
2
reference_url https://access.redhat.com/errata/RHSA-2024:10929
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10929
3
reference_url https://access.redhat.com/errata/RHSA-2024:10933
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10933
4
reference_url https://access.redhat.com/errata/RHSA-2024:11559
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:11559
5
reference_url https://access.redhat.com/errata/RHSA-2024:11560
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:11560
6
reference_url https://access.redhat.com/errata/RHSA-2024:11570
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:11570
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4109.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4109.json
8
reference_url https://access.redhat.com/security/cve/CVE-2024-4109
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-4109
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272325
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2272325
10
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
11
reference_url https://github.com/undertow-io/undertow/blob/6ae61c6af88d2a8341922ccd0de98926e8349543/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java#L250-L259
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/6ae61c6af88d2a8341922ccd0de98926e8349543/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java#L250-L259
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4109
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4109
13
reference_url https://github.com/advisories/GHSA-22c5-cpvr-cfvq
reference_id GHSA-22c5-cpvr-cfvq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22c5-cpvr-cfvq
14
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
fixed_packages
aliases CVE-2024-4109, GHSA-22c5-cpvr-cfvq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zsw-hyhp-4yfm
3
url VCID-myp6-7rre-euex
vulnerability_id VCID-myp6-7rre-euex
summary
hornetq vulnerable to file overwrite, sensitive information disclosure
An issue in the `createTempFile` method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.
references
0
reference_url http://hornetq.com
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-06T16:04:11Z/
url http://hornetq.com
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51127.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51127.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51127
reference_id
reference_type
scores
0
value 0.01455
scoring_system epss
scoring_elements 0.80847
published_at 2026-04-16T12:55:00Z
1
value 0.01455
scoring_system epss
scoring_elements 0.80763
published_at 2026-04-02T12:55:00Z
2
value 0.01455
scoring_system epss
scoring_elements 0.80783
published_at 2026-04-04T12:55:00Z
3
value 0.01455
scoring_system epss
scoring_elements 0.8078
published_at 2026-04-07T12:55:00Z
4
value 0.01455
scoring_system epss
scoring_elements 0.80807
published_at 2026-04-08T12:55:00Z
5
value 0.01455
scoring_system epss
scoring_elements 0.80816
published_at 2026-04-09T12:55:00Z
6
value 0.01455
scoring_system epss
scoring_elements 0.80833
published_at 2026-04-11T12:55:00Z
7
value 0.01455
scoring_system epss
scoring_elements 0.80818
published_at 2026-04-12T12:55:00Z
8
value 0.01455
scoring_system epss
scoring_elements 0.8081
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51127
3
reference_url https://github.com/darranl/hornetq
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/darranl/hornetq
4
reference_url https://github.com/hornetq/hornetq/blob/HornetQ_2_4_9_Final/hornetq-core-client/src/main/java/org/hornetq/core/client/impl/ClientConsumerImpl.java#L665C35-L665C49
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hornetq/hornetq/blob/HornetQ_2_4_9_Final/hornetq-core-client/src/main/java/org/hornetq/core/client/impl/ClientConsumerImpl.java#L665C35-L665C49
5
reference_url https://github.com/JAckLosingHeart/CWE-378/blob/main/CVE-2024-51127.md
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-06T16:04:11Z/
url https://github.com/JAckLosingHeart/CWE-378/blob/main/CVE-2024-51127.md
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51127
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51127
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323697
reference_id 2323697
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323697
8
reference_url https://github.com/advisories/GHSA-r7mv-mv7m-pjw3
reference_id GHSA-r7mv-mv7m-pjw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7mv-mv7m-pjw3
9
reference_url https://access.redhat.com/errata/RHSA-2024:11529
reference_id RHSA-2024:11529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11529
10
reference_url https://access.redhat.com/errata/RHSA-2024:11531
reference_id RHSA-2024:11531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11531
11
reference_url https://access.redhat.com/errata/RHSA-2025:0371
reference_id RHSA-2025:0371
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0371
12
reference_url https://access.redhat.com/errata/RHSA-2025:0372
reference_id RHSA-2025:0372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0372
13
reference_url https://access.redhat.com/errata/RHSA-2025:1635
reference_id RHSA-2025:1635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1635
14
reference_url https://access.redhat.com/errata/RHSA-2025:1636
reference_id RHSA-2025:1636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1636
15
reference_url https://access.redhat.com/errata/RHSA-2025:1637
reference_id RHSA-2025:1637
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1637
16
reference_url https://access.redhat.com/errata/RHSA-2025:1638
reference_id RHSA-2025:1638
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1638
17
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
fixed_packages
aliases CVE-2024-51127, GHSA-r7mv-mv7m-pjw3
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myp6-7rre-euex
4
url VCID-xme8-usmd-vqg3
vulnerability_id VCID-xme8-usmd-vqg3
summary
Undertow vulnerable to Race Condition
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:11023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:11023
1
reference_url https://access.redhat.com/errata/RHSA-2024:6508
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:6508
2
reference_url https://access.redhat.com/errata/RHSA-2024:6883
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:6883
3
reference_url https://access.redhat.com/errata/RHSA-2024:7441
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7441
4
reference_url https://access.redhat.com/errata/RHSA-2024:7442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7442
5
reference_url https://access.redhat.com/errata/RHSA-2024:7735
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7735
6
reference_url https://access.redhat.com/errata/RHSA-2024:7736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:7736
7
reference_url https://access.redhat.com/errata/RHSA-2024:8080
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2024:8080
8
reference_url https://access.redhat.com/errata/RHSA-2025:16667
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2025:16667
9
reference_url https://access.redhat.com/errata/RHSA-2026:0743
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/errata/RHSA-2026:0743
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
11
reference_url https://access.redhat.com/security/cve/CVE-2024-7885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://access.redhat.com/security/cve/CVE-2024-7885
12
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7885
reference_id
reference_type
scores
0
value 0.10699
scoring_system epss
scoring_elements 0.93339
published_at 2026-04-16T12:55:00Z
1
value 0.10699
scoring_system epss
scoring_elements 0.93299
published_at 2026-04-02T12:55:00Z
2
value 0.10699
scoring_system epss
scoring_elements 0.93305
published_at 2026-04-04T12:55:00Z
3
value 0.10699
scoring_system epss
scoring_elements 0.93304
published_at 2026-04-07T12:55:00Z
4
value 0.10699
scoring_system epss
scoring_elements 0.93312
published_at 2026-04-08T12:55:00Z
5
value 0.10699
scoring_system epss
scoring_elements 0.93317
published_at 2026-04-09T12:55:00Z
6
value 0.10699
scoring_system epss
scoring_elements 0.93321
published_at 2026-04-11T12:55:00Z
7
value 0.10699
scoring_system epss
scoring_elements 0.93319
published_at 2026-04-12T12:55:00Z
8
value 0.10699
scoring_system epss
scoring_elements 0.9332
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7885
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2305290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2305290
14
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
15
reference_url https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
16
reference_url https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
17
reference_url https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7885
19
reference_url https://security.netapp.com/advisory/ntap-20241011-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0004
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
reference_id 1082854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_id cpe:/a:redhat:apache_camel_spring_boot:3.20.7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_id cpe:/a:redhat:apache_camel_spring_boot:4.4.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
reference_id cpe:/a:redhat:quarkus:3
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_id cpe:/a:redhat:rhboac_hawtio:4.0.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
43
reference_url https://github.com/advisories/GHSA-9623-mqmm-5rcf
reference_id GHSA-9623-mqmm-5rcf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9623-mqmm-5rcf
fixed_packages
aliases CVE-2024-7885, GHSA-9623-mqmm-5rcf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xme8-usmd-vqg3
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow@2.0.41-5.SP6_redhat_00001.1%3Farch=el7eap