Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/oath-toolkit@2.6.12-1?arch=el9cp
Type rpm
Namespace redhat
Name oath-toolkit
Version 2.6.12-1
Qualifiers
arch el9cp
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-9bm9-9f5h-2yg5
vulnerability_id VCID-9bm9-9f5h-2yg5
summary WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42353.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42353.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42353
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47508
published_at 2026-04-21T12:55:00Z
1
value 0.00263
scoring_system epss
scoring_elements 0.49755
published_at 2026-04-11T12:55:00Z
2
value 0.00263
scoring_system epss
scoring_elements 0.49708
published_at 2026-04-02T12:55:00Z
3
value 0.00263
scoring_system epss
scoring_elements 0.49775
published_at 2026-04-18T12:55:00Z
4
value 0.00263
scoring_system epss
scoring_elements 0.49728
published_at 2026-04-13T12:55:00Z
5
value 0.00263
scoring_system epss
scoring_elements 0.49727
published_at 2026-04-12T12:55:00Z
6
value 0.00263
scoring_system epss
scoring_elements 0.49736
published_at 2026-04-04T12:55:00Z
7
value 0.00263
scoring_system epss
scoring_elements 0.49688
published_at 2026-04-07T12:55:00Z
8
value 0.00263
scoring_system epss
scoring_elements 0.49743
published_at 2026-04-08T12:55:00Z
9
value 0.00263
scoring_system epss
scoring_elements 0.49737
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42353
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42353
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42353
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Pylons/webob
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/webob
5
reference_url https://github.com/Pylons/webob/commit/f689bcf4f0a1f64f1735b1d5069aef5be6974b5b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:02:15Z/
url https://github.com/Pylons/webob/commit/f689bcf4f0a1f64f1735b1d5069aef5be6974b5b
6
reference_url https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:02:15Z/
url https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/webob/PYSEC-2024-188.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/webob/PYSEC-2024-188.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42353
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42353
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078879
reference_id 1078879
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078879
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2305004
reference_id 2305004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2305004
11
reference_url https://github.com/advisories/GHSA-mg3v-6m49-jhp3
reference_id GHSA-mg3v-6m49-jhp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg3v-6m49-jhp3
12
reference_url https://access.redhat.com/errata/RHSA-2024:6775
reference_id RHSA-2024:6775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6775
13
reference_url https://access.redhat.com/errata/RHSA-2024:6827
reference_id RHSA-2024:6827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6827
14
reference_url https://access.redhat.com/errata/RHSA-2024:7590
reference_id RHSA-2024:7590
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7590
15
reference_url https://access.redhat.com/errata/RHSA-2024:9983
reference_id RHSA-2024:9983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9983
16
reference_url https://access.redhat.com/errata/RHSA-2024:9989
reference_id RHSA-2024:9989
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9989
17
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
18
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
19
reference_url https://usn.ubuntu.com/6984-1/
reference_id USN-6984-1
reference_type
scores
url https://usn.ubuntu.com/6984-1/
fixed_packages
aliases CVE-2024-42353, GHSA-mg3v-6m49-jhp3, PYSEC-2024-188
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bm9-9f5h-2yg5
1
url VCID-ae1s-qa4g-eyes
vulnerability_id VCID-ae1s-qa4g-eyes
summary Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23491.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23491.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23491
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.1589
published_at 2026-04-08T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15943
published_at 2026-04-02T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16006
published_at 2026-04-04T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15805
published_at 2026-04-07T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.17101
published_at 2026-04-12T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.17148
published_at 2026-04-11T12:55:00Z
6
value 0.00054
scoring_system epss
scoring_elements 0.17017
published_at 2026-04-21T12:55:00Z
7
value 0.00054
scoring_system epss
scoring_elements 0.16979
published_at 2026-04-18T12:55:00Z
8
value 0.00054
scoring_system epss
scoring_elements 0.16976
published_at 2026-04-16T12:55:00Z
9
value 0.00054
scoring_system epss
scoring_elements 0.1704
published_at 2026-04-13T12:55:00Z
10
value 0.00054
scoring_system epss
scoring_elements 0.17173
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23491
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/certifi/python-certifi
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/certifi/python-certifi
5
reference_url https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8
6
reference_url https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:56Z/
url https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2022-42986.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2022-42986.yaml
8
reference_url https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:56Z/
url https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23491
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23491
10
reference_url https://security.netapp.com/advisory/ntap-20230223-0010
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230223-0010
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2180089
reference_id 2180089
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2180089
12
reference_url https://github.com/advisories/GHSA-43fp-rhv2-5gv8
reference_id GHSA-43fp-rhv2-5gv8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43fp-rhv2-5gv8
13
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
14
reference_url https://access.redhat.com/errata/RHSA-2025:9776
reference_id RHSA-2025:9776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9776
fixed_packages
aliases CVE-2022-23491, GHSA-43fp-rhv2-5gv8, PYSEC-2022-42986
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ae1s-qa4g-eyes
2
url VCID-bxfr-hpkh-cyby
vulnerability_id VCID-bxfr-hpkh-cyby
summary Werkzeug is a comprehensive WSGI web application library. If a file upload starts with CR or LF and is followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk to an internal bytearray, and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46136
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68063
published_at 2026-04-02T12:55:00Z
1
value 0.00573
scoring_system epss
scoring_elements 0.68716
published_at 2026-04-21T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.70096
published_at 2026-04-13T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.70109
published_at 2026-04-12T12:55:00Z
4
value 0.00622
scoring_system epss
scoring_elements 0.70123
published_at 2026-04-11T12:55:00Z
5
value 0.00622
scoring_system epss
scoring_elements 0.70149
published_at 2026-04-18T12:55:00Z
6
value 0.00622
scoring_system epss
scoring_elements 0.70139
published_at 2026-04-16T12:55:00Z
7
value 0.00622
scoring_system epss
scoring_elements 0.701
published_at 2026-04-09T12:55:00Z
8
value 0.00622
scoring_system epss
scoring_elements 0.70059
published_at 2026-04-04T12:55:00Z
9
value 0.00622
scoring_system epss
scoring_elements 0.70036
published_at 2026-04-07T12:55:00Z
10
value 0.00622
scoring_system epss
scoring_elements 0.70084
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46136
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
4
reference_url https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
5
reference_url https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
6
reference_url https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
7
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
9
reference_url https://security.netapp.com/advisory/ntap-20231124-0008
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231124-0008
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
reference_id 1054553
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246310
reference_id 2246310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246310
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46136
reference_id CVE-2023-46136
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46136
13
reference_url https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
reference_id GHSA-hrfv-mqp8-q5rw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
14
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
15
reference_url https://access.redhat.com/errata/RHSA-2023:7477
reference_id RHSA-2023:7477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7477
16
reference_url https://access.redhat.com/errata/RHSA-2023:7610
reference_id RHSA-2023:7610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7610
17
reference_url https://access.redhat.com/errata/RHSA-2024:0189
reference_id RHSA-2024:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0189
18
reference_url https://access.redhat.com/errata/RHSA-2024:0214
reference_id RHSA-2024:0214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0214
19
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
fixed_packages
aliases CVE-2023-46136, GHSA-hrfv-mqp8-q5rw, PYSEC-2023-221
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxfr-hpkh-cyby
3
url VCID-ks48-yq6s-aue1
vulnerability_id VCID-ks48-yq6s-aue1
summary keepalived: Integer overflow vulnerability in vrrp_ipsets_handler
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41184.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41184
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43318
published_at 2026-04-21T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43333
published_at 2026-04-13T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43393
published_at 2026-04-16T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43383
published_at 2026-04-18T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43327
published_at 2026-04-02T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43356
published_at 2026-04-04T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43293
published_at 2026-04-07T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43345
published_at 2026-04-08T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.43359
published_at 2026-04-09T12:55:00Z
9
value 0.00209
scoring_system epss
scoring_elements 0.4338
published_at 2026-04-11T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43348
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41184
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077370
reference_id 1077370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077370
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2298532
reference_id 2298532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2298532
6
reference_url https://github.com/acassen/keepalived/issues/2447#issuecomment-2231329734
reference_id 2447#issuecomment-2231329734
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-18T13:39:29Z/
url https://github.com/acassen/keepalived/issues/2447#issuecomment-2231329734
7
reference_url https://access.redhat.com/errata/RHSA-2025:0743
reference_id RHSA-2025:0743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0743
8
reference_url https://access.redhat.com/errata/RHSA-2025:0917
reference_id RHSA-2025:0917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0917
9
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
fixed_packages
aliases CVE-2024-41184
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ks48-yq6s-aue1
4
url VCID-kycs-rbvn-z3e7
vulnerability_id VCID-kycs-rbvn-z3e7
summary Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50158
published_at 2026-04-21T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.50185
published_at 2026-04-18T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50184
published_at 2026-04-16T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.50155
published_at 2026-04-04T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50105
published_at 2026-04-07T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50159
published_at 2026-04-08T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.50127
published_at 2026-04-02T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50153
published_at 2026-04-09T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.5014
published_at 2026-04-13T12:55:00Z
9
value 0.00267
scoring_system epss
scoring_elements 0.5017
published_at 2026-04-11T12:55:00Z
10
value 0.00267
scoring_system epss
scoring_elements 0.50143
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
reference_id 2170243
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
reference_id CVE-2023-23934
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
15
reference_url https://github.com/advisories/GHSA-px8h-6qxv-m22q
reference_id GHSA-px8h-6qxv-m22q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-px8h-6qxv-m22q
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
19
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
20
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
21
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
aliases CVE-2023-23934, GHSA-px8h-6qxv-m22q, PYSEC-2023-57
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kycs-rbvn-z3e7
5
url VCID-qn4r-71h3-sbgb
vulnerability_id VCID-qn4r-71h3-sbgb
summary Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58624
published_at 2026-04-21T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58647
published_at 2026-04-18T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-16T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58609
published_at 2026-04-13T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58629
published_at 2026-04-12T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-11T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58625
published_at 2026-04-08T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58573
published_at 2026-04-07T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58603
published_at 2026-04-04T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58583
published_at 2026-04-02T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.58632
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id 2170242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
reference_id CVE-2023-25577
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
15
reference_url https://github.com/advisories/GHSA-xg9f-g7g7-2323
reference_id GHSA-xg9f-g7g7-2323
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9f-g7g7-2323
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2023:1281
reference_id RHSA-2023:1281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1281
19
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
20
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
21
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
22
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
23
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
24
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
25
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4r-71h3-sbgb
6
url VCID-rk14-bw25-2yhe
vulnerability_id VCID-rk14-bw25-2yhe
summary A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47191.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47191.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47191
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21294
published_at 2026-04-21T12:55:00Z
1
value 0.0007
scoring_system epss
scoring_elements 0.21455
published_at 2026-04-02T12:55:00Z
2
value 0.0007
scoring_system epss
scoring_elements 0.21509
published_at 2026-04-04T12:55:00Z
3
value 0.0007
scoring_system epss
scoring_elements 0.21261
published_at 2026-04-07T12:55:00Z
4
value 0.0007
scoring_system epss
scoring_elements 0.2134
published_at 2026-04-08T12:55:00Z
5
value 0.0007
scoring_system epss
scoring_elements 0.21401
published_at 2026-04-09T12:55:00Z
6
value 0.0007
scoring_system epss
scoring_elements 0.2141
published_at 2026-04-11T12:55:00Z
7
value 0.0007
scoring_system epss
scoring_elements 0.2137
published_at 2026-04-12T12:55:00Z
8
value 0.0007
scoring_system epss
scoring_elements 0.21316
published_at 2026-04-13T12:55:00Z
9
value 0.0007
scoring_system epss
scoring_elements 0.21311
published_at 2026-04-16T12:55:00Z
10
value 0.0007
scoring_system epss
scoring_elements 0.2132
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47191
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.openwall.com/lists/oss-security/2024/10/04/2
reference_id 2
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://www.openwall.com/lists/oss-security/2024/10/04/2
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2316488
reference_id 2316488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2316488
5
reference_url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70
reference_id 3235a52f6b87cd1c5da6508f421ac261f5e33a70
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70
6
reference_url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5
reference_id 3271139989fde35ab0163b558fc29e80c3a280e5
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5
7
reference_url https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43
reference_id 43
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43
8
reference_url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a
reference_id 60d9902b5c20f27e70f8e9c816bfdc0467567e1a
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a
9
reference_url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418
reference_id 95ef255e6a401949ce3f67609bf8aac2029db418
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418
10
reference_url https://security.archlinux.org/ASA-202410-1
reference_id ASA-202410-1
reference_type
scores
url https://security.archlinux.org/ASA-202410-1
11
reference_url https://security.archlinux.org/AVG-2857
reference_id AVG-2857
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2857
12
reference_url https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191
reference_id CVE-2024-47191
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191
13
reference_url https://security.gentoo.org/glsa/202412-11
reference_id GLSA-202412-11
reference_type
scores
url https://security.gentoo.org/glsa/202412-11
14
reference_url https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html
reference_id oath-toolkit-vulnerability.html
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T20:58:10Z/
url https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html
15
reference_url https://access.redhat.com/errata/RHSA-2025:3635
reference_id RHSA-2025:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3635
16
reference_url https://access.redhat.com/errata/RHSA-2025:4238
reference_id RHSA-2025:4238
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4238
17
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
18
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
19
reference_url https://usn.ubuntu.com/7059-1/
reference_id USN-7059-1
reference_type
scores
url https://usn.ubuntu.com/7059-1/
20
reference_url https://usn.ubuntu.com/7059-2/
reference_id USN-7059-2
reference_type
scores
url https://usn.ubuntu.com/7059-2/
fixed_packages
aliases CVE-2024-47191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk14-bw25-2yhe
7
url VCID-xnny-adma-pycj
vulnerability_id VCID-xnny-adma-pycj
summary ceph: RGW crash upon misconfigured CORS rule
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46159.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46159.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46159
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07004
published_at 2026-04-02T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07153
published_at 2026-04-21T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07121
published_at 2026-04-11T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.0711
published_at 2026-04-12T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.071
published_at 2026-04-13T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07036
published_at 2026-04-16T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07021
published_at 2026-04-18T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07057
published_at 2026-04-04T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07037
published_at 2026-04-07T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07091
published_at 2026-04-08T12:55:00Z
10
value 0.00026
scoring_system epss
scoring_elements 0.07122
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46159
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2215374
reference_id 2215374
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2215374
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/268906
reference_id 268906
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:17:32Z/
url https://exchange.xforce.ibmcloud.com/vulnerabilities/268906
5
reference_url https://www.ibm.com/support/pages/node/7112263
reference_id 7112263
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:17:32Z/
url https://www.ibm.com/support/pages/node/7112263
6
reference_url https://access.redhat.com/errata/RHSA-2023:5693
reference_id RHSA-2023:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5693
7
reference_url https://access.redhat.com/errata/RHSA-2024:0745
reference_id RHSA-2024:0745
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0745
8
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
fixed_packages
aliases CVE-2023-46159
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnny-adma-pycj
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/oath-toolkit@2.6.12-1%3Farch=el9cp