Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1?arch=el8eap
Type rpm
Namespace redhat
Name eap8-httpcomponents-asyncclient
Version 4.1.5-4.redhat_00006.1
Qualifiers
arch el8eap
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1j1w-c84m-b3h3
vulnerability_id VCID-1j1w-c84m-b3h3
summary
Apache Commons Improper Access Control vulnerability
Improper Access Control vulnerability in Apache Commons.

A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.

Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().
Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests.

This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.

Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.

Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48734.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48734
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40371
published_at 2026-04-18T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40401
published_at 2026-04-16T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40354
published_at 2026-04-13T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40373
published_at 2026-04-12T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40411
published_at 2026-04-11T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.404
published_at 2026-04-09T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40389
published_at 2026-04-08T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40338
published_at 2026-04-07T12:55:00Z
8
value 0.00186
scoring_system epss
scoring_elements 0.40414
published_at 2026-04-04T12:55:00Z
9
value 0.00186
scoring_system epss
scoring_elements 0.40388
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48734
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-beanutils
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils
5
reference_url https://github.com/apache/commons-beanutils/commit/bd20740da25b69552ddef8523beec0837297eaf9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils/commit/bd20740da25b69552ddef8523beec0837297eaf9
6
reference_url https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:16Z/
url https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
7
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48734
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48734
9
reference_url http://www.openwall.com/lists/oss-security/2025/05/28/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/28/6
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106746
reference_id 1106746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106746
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2368956
reference_id 2368956
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2368956
12
reference_url https://github.com/advisories/GHSA-wxr5-93ph-8wr9
reference_id GHSA-wxr5-93ph-8wr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxr5-93ph-8wr9
13
reference_url https://security.gentoo.org/glsa/202601-05
reference_id GLSA-202601-05
reference_type
scores
url https://security.gentoo.org/glsa/202601-05
14
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
15
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
16
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
17
reference_url https://access.redhat.com/errata/RHSA-2025:10814
reference_id RHSA-2025:10814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10814
18
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
19
reference_url https://access.redhat.com/errata/RHSA-2025:13274
reference_id RHSA-2025:13274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13274
20
reference_url https://access.redhat.com/errata/RHSA-2025:15810
reference_id RHSA-2025:15810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15810
21
reference_url https://access.redhat.com/errata/RHSA-2025:15811
reference_id RHSA-2025:15811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15811
22
reference_url https://access.redhat.com/errata/RHSA-2025:15812
reference_id RHSA-2025:15812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15812
23
reference_url https://access.redhat.com/errata/RHSA-2025:15813
reference_id RHSA-2025:15813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15813
24
reference_url https://access.redhat.com/errata/RHSA-2025:15814
reference_id RHSA-2025:15814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15814
25
reference_url https://access.redhat.com/errata/RHSA-2025:15815
reference_id RHSA-2025:15815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15815
26
reference_url https://access.redhat.com/errata/RHSA-2025:15816
reference_id RHSA-2025:15816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15816
27
reference_url https://access.redhat.com/errata/RHSA-2025:15817
reference_id RHSA-2025:15817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15817
28
reference_url https://access.redhat.com/errata/RHSA-2025:16409
reference_id RHSA-2025:16409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16409
29
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
30
reference_url https://access.redhat.com/errata/RHSA-2025:8265
reference_id RHSA-2025:8265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8265
31
reference_url https://access.redhat.com/errata/RHSA-2025:8919
reference_id RHSA-2025:8919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8919
32
reference_url https://access.redhat.com/errata/RHSA-2025:9114
reference_id RHSA-2025:9114
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9114
33
reference_url https://access.redhat.com/errata/RHSA-2025:9115
reference_id RHSA-2025:9115
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9115
34
reference_url https://access.redhat.com/errata/RHSA-2025:9117
reference_id RHSA-2025:9117
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9117
35
reference_url https://access.redhat.com/errata/RHSA-2025:9166
reference_id RHSA-2025:9166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9166
36
reference_url https://access.redhat.com/errata/RHSA-2025:9318
reference_id RHSA-2025:9318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9318
37
reference_url https://access.redhat.com/errata/RHSA-2025:9696
reference_id RHSA-2025:9696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9696
38
reference_url https://access.redhat.com/errata/RHSA-2025:9697
reference_id RHSA-2025:9697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9697
fixed_packages
aliases CVE-2025-48734, GHSA-wxr5-93ph-8wr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1j1w-c84m-b3h3
1
url VCID-7bzk-k461-g3dd
vulnerability_id VCID-7bzk-k461-g3dd
summary org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2251.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2251
reference_id
reference_type
scores
0
value 0.03835
scoring_system epss
scoring_elements 0.88176
published_at 2026-04-18T12:55:00Z
1
value 0.03835
scoring_system epss
scoring_elements 0.88178
published_at 2026-04-16T12:55:00Z
2
value 0.03835
scoring_system epss
scoring_elements 0.88112
published_at 2026-04-02T12:55:00Z
3
value 0.03835
scoring_system epss
scoring_elements 0.88128
published_at 2026-04-04T12:55:00Z
4
value 0.03835
scoring_system epss
scoring_elements 0.88135
published_at 2026-04-07T12:55:00Z
5
value 0.03835
scoring_system epss
scoring_elements 0.88154
published_at 2026-04-08T12:55:00Z
6
value 0.03835
scoring_system epss
scoring_elements 0.8816
published_at 2026-04-09T12:55:00Z
7
value 0.03835
scoring_system epss
scoring_elements 0.8817
published_at 2026-04-11T12:55:00Z
8
value 0.03835
scoring_system epss
scoring_elements 0.88163
published_at 2026-04-12T12:55:00Z
9
value 0.03835
scoring_system epss
scoring_elements 0.88164
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2251
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2351678
reference_id 2351678
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-07T14:18:34Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2351678
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
10
reference_url https://access.redhat.com/security/cve/CVE-2025-2251
reference_id CVE-2025-2251
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-07T14:18:34Z/
url https://access.redhat.com/security/cve/CVE-2025-2251
11
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-07T14:18:34Z/
url https://access.redhat.com/errata/RHSA-2025:10452
12
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-07T14:18:34Z/
url https://access.redhat.com/errata/RHSA-2025:10453
13
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-07T14:18:34Z/
url https://access.redhat.com/errata/RHSA-2025:10459
14
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-07T14:18:34Z/
url https://access.redhat.com/errata/RHSA-2025:10931
fixed_packages
aliases CVE-2025-2251
risk_score 2.8
exploitability 0.5
weighted_severity 5.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bzk-k461-g3dd
2
url VCID-8ew2-s4a9-u7cu
vulnerability_id VCID-8ew2-s4a9-u7cu
summary
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.

### Impact
Cross-site scripting (XSS) vulnerability in the management console.

### Patches
Fixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11)

### Workarounds
No workaround available
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2901.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2901.json
1
reference_url https://access.redhat.com/security/cve/CVE-2025-2901
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-2901
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2355685
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2355685
3
reference_url https://github.com/hal/console
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console
4
reference_url https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52
5
reference_url https://github.com/hal/console/releases/tag/v3.7.11
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console/releases/tag/v3.7.11
6
reference_url https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2901
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2901
8
reference_url https://github.com/advisories/GHSA-f7jh-m6wp-jm7f
reference_id GHSA-f7jh-m6wp-jm7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7jh-m6wp-jm7f
9
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
10
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
11
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
12
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
fixed_packages
aliases CVE-2025-2901, GHSA-f7jh-m6wp-jm7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ew2-s4a9-u7cu
3
url VCID-k7q1-8u4r-sqd7
vulnerability_id VCID-k7q1-8u4r-sqd7
summary
Homograph attack allows Unicode lookalike characters to bypass validation.
### Impact

Attackers can deceive users into sending funds to an unintended address.

### Patches

https://github.com/cryptocoinjs/base-x/pull/86
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27611.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27611.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27611
reference_id
reference_type
scores
0
value 0.00377
scoring_system epss
scoring_elements 0.59353
published_at 2026-04-18T12:55:00Z
1
value 0.00377
scoring_system epss
scoring_elements 0.59347
published_at 2026-04-16T12:55:00Z
2
value 0.00377
scoring_system epss
scoring_elements 0.59313
published_at 2026-04-13T12:55:00Z
3
value 0.00377
scoring_system epss
scoring_elements 0.59265
published_at 2026-04-07T12:55:00Z
4
value 0.00377
scoring_system epss
scoring_elements 0.59331
published_at 2026-04-12T12:55:00Z
5
value 0.00377
scoring_system epss
scoring_elements 0.59348
published_at 2026-04-11T12:55:00Z
6
value 0.00377
scoring_system epss
scoring_elements 0.59301
published_at 2026-04-04T12:55:00Z
7
value 0.00377
scoring_system epss
scoring_elements 0.59328
published_at 2026-04-09T12:55:00Z
8
value 0.00377
scoring_system epss
scoring_elements 0.59316
published_at 2026-04-08T12:55:00Z
9
value 0.00377
scoring_system epss
scoring_elements 0.59277
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27611
2
reference_url https://github.com/cryptocoinjs/base-x
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cryptocoinjs/base-x
3
reference_url https://github.com/cryptocoinjs/base-x/pull/86
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T18:49:09Z/
url https://github.com/cryptocoinjs/base-x/pull/86
4
reference_url https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T18:49:09Z/
url https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27611
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27611
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2363176
reference_id 2363176
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2363176
7
reference_url https://github.com/advisories/GHSA-xq7p-g2vc-g82p
reference_id GHSA-xq7p-g2vc-g82p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq7p-g2vc-g82p
8
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
9
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
10
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
fixed_packages
aliases CVE-2025-27611, GHSA-xq7p-g2vc-g82p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7q1-8u4r-sqd7
4
url VCID-ytk3-rjrf-wfh9
vulnerability_id VCID-ytk3-rjrf-wfh9
summary
Apache CXF: Denial of Service vulnerability with temporary files
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23184.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-23184
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29667
published_at 2026-04-18T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29689
published_at 2026-04-16T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29672
published_at 2026-04-13T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29722
published_at 2026-04-12T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29768
published_at 2026-04-11T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29765
published_at 2026-04-09T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29729
published_at 2026-04-08T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29666
published_at 2026-04-07T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29804
published_at 2026-04-02T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.29851
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-23184
2
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
3
reference_url https://github.com/apache/cxf/pull/2048
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/pull/2048
4
reference_url https://github.com/apache/cxf/pull/2111
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/pull/2111
5
reference_url https://issues.apache.org/jira/browse/CXF-7396
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CXF-7396
6
reference_url https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T15:12:38Z/
url https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-23184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-23184
8
reference_url https://security.netapp.com/advisory/ntap-20250214-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250214-0003
9
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability
10
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability
11
reference_url http://www.openwall.com/lists/oss-security/2025/01/20/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/20/3
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2339095
reference_id 2339095
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2339095
13
reference_url https://github.com/advisories/GHSA-fh5r-crhr-qrrq
reference_id GHSA-fh5r-crhr-qrrq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh5r-crhr-qrrq
14
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
15
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
16
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
17
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
fixed_packages
aliases CVE-2025-23184, GHSA-fh5r-crhr-qrrq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytk3-rjrf-wfh9
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1%3Farch=el8eap