Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7?arch=el7

Type rpm

Namespace redhat

Name eap7-jboss-xnio-base

Version 3.5.10-1.Final_redhat_00001.1.ep7

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-6yqn-2w2d-3yd3

vulnerability_id

VCID-6yqn-2w2d-3yd3

summary

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39410

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.18938
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18984
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19036
published_at	2026-04-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19082
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19077
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19175
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19227
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19023
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18943
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39410

reference_url

https://github.com/apache/avro

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro

reference_url

https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml

reference_url

https://issues.apache.org/jira/browse/AVRO-3819

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AVRO-3819

reference_url

https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/

url

https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://www.openwall.com/lists/oss-security/2023/09/29/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/

url

https://www.openwall.com/lists/oss-security/2023/09/29/6

reference_url

http://www.openwall.com/lists/oss-security/2023/09/29/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/09/29/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242521
reference_id	2242521
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242521

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-39410

reference_id

CVE-2023-39410

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-39410

reference_url

https://github.com/advisories/GHSA-rhrv-645h-fjfh

reference_id

GHSA-rhrv-645h-fjfh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhrv-645h-fjfh

reference_url	https://access.redhat.com/errata/RHSA-2023:7617
reference_id	RHSA-2023:7617
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7617

fixed_packages

aliases

CVE-2023-39410, GHSA-rhrv-645h-fjfh, PYSEC-2023-188

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6yqn-2w2d-3yd3

url

VCID-agjx-5whj-dyac

vulnerability_id

VCID-agjx-5whj-dyac

summary

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47561

reference_id

reference_type

scores

value	0.00747
scoring_system	epss
scoring_elements	0.73118
published_at	2026-04-16T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73075
published_at	2026-04-13T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73032
published_at	2026-04-02T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73052
published_at	2026-04-04T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73081
published_at	2026-04-12T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73102
published_at	2026-04-11T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73077
published_at	2026-04-09T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73064
published_at	2026-04-08T12:55:00Z

value	0.00747
scoring_system	epss
scoring_elements	0.73027
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47561

reference_url

https://github.com/apache/avro

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro

reference_url

https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900

reference_url

https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285

reference_url

https://github.com/apache/avro/pull/2934

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/pull/2934

reference_url

https://github.com/apache/avro/pull/2980

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/pull/2980

reference_url

https://issues.apache.org/jira/browse/AVRO-3985

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AVRO-3985

reference_url

https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T18:53:44Z/

url

https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-47561

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-47561

reference_url

https://security.netapp.com/advisory/ntap-20241011-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241011-0003

reference_url

https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

reference_url

https://www.openwall.com/lists/oss-security/2024/10/03/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2024/10/03/1

reference_url

http://www.openwall.com/lists/oss-security/2024/10/03/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/10/03/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2316116
reference_id	2316116
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2316116

reference_url

https://github.com/advisories/GHSA-r7pg-v2c8-mfg3

reference_id

GHSA-r7pg-v2c8-mfg3

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7pg-v2c8-mfg3

reference_url	https://access.redhat.com/errata/RHSA-2024:7670
reference_id	RHSA-2024:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7670

reference_url	https://access.redhat.com/errata/RHSA-2024:7676
reference_id	RHSA-2024:7676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7676

reference_url	https://access.redhat.com/errata/RHSA-2024:7811
reference_id	RHSA-2024:7811
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7811

reference_url	https://access.redhat.com/errata/RHSA-2024:7812
reference_id	RHSA-2024:7812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7812

reference_url	https://access.redhat.com/errata/RHSA-2024:7861
reference_id	RHSA-2024:7861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7861

reference_url	https://access.redhat.com/errata/RHSA-2024:7972
reference_id	RHSA-2024:7972
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7972

reference_url	https://access.redhat.com/errata/RHSA-2024:8064
reference_id	RHSA-2024:8064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8064

reference_url	https://access.redhat.com/errata/RHSA-2024:8093
reference_id	RHSA-2024:8093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8093

reference_url	https://access.redhat.com/errata/RHSA-2024:8339
reference_id	RHSA-2024:8339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8339

fixed_packages

aliases

CVE-2024-47561, GHSA-r7pg-v2c8-mfg3

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-agjx-5whj-dyac

url

VCID-efw6-swgm-4fbc

vulnerability_id

VCID-efw6-swgm-4fbc

summary

SSRF vulnerability using the Aegis DataBinding in Apache CXF
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28752

reference_id

reference_type

scores

value	0.0059
scoring_system	epss
scoring_elements	0.69148
published_at	2026-04-02T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74016
published_at	2026-04-04T12:55:00Z

value	0.55152
scoring_system	epss
scoring_elements	0.98057
published_at	2026-04-09T12:55:00Z

value	0.55152
scoring_system	epss
scoring_elements	0.98062
published_at	2026-04-13T12:55:00Z

value	0.55152
scoring_system	epss
scoring_elements	0.98052
published_at	2026-04-07T12:55:00Z

value	0.55152
scoring_system	epss
scoring_elements	0.98056
published_at	2026-04-08T12:55:00Z

value	0.55152
scoring_system	epss
scoring_elements	0.98061
published_at	2026-04-11T12:55:00Z

value	0.57136
scoring_system	epss
scoring_elements	0.98152
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28752

reference_url

https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/

url

https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

reference_url

https://security.netapp.com/advisory/ntap-20240517-0001

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240517-0001

reference_url

http://www.openwall.com/lists/oss-security/2024/03/14/3

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/

url

http://www.openwall.com/lists/oss-security/2024/03/14/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270732
reference_id	2270732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270732

reference_url

https://github.com/advisories/GHSA-qmgx-j96g-4428

reference_id

GHSA-qmgx-j96g-4428

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qmgx-j96g-4428

reference_url

https://security.netapp.com/advisory/ntap-20240517-0001/

reference_id

ntap-20240517-0001

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/

url

https://security.netapp.com/advisory/ntap-20240517-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:2834
reference_id	RHSA-2024:2834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2834

reference_url	https://access.redhat.com/errata/RHSA-2024:2852
reference_id	RHSA-2024:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2852

reference_url	https://access.redhat.com/errata/RHSA-2024:3708
reference_id	RHSA-2024:3708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3708

reference_url	https://access.redhat.com/errata/RHSA-2024:5479
reference_id	RHSA-2024:5479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5479

reference_url	https://access.redhat.com/errata/RHSA-2024:5481
reference_id	RHSA-2024:5481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5481

reference_url	https://access.redhat.com/errata/RHSA-2024:5482
reference_id	RHSA-2024:5482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5482

reference_url	https://access.redhat.com/errata/RHSA-2024:8339
reference_id	RHSA-2024:8339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8339

fixed_packages

aliases

CVE-2024-28752, GHSA-qmgx-j96g-4428

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-efw6-swgm-4fbc

url

VCID-khr7-6pza-afab

vulnerability_id

VCID-khr7-6pza-afab

summary

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26464

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35102
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35171
published_at	2026-04-04T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35142
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35125
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.3512
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35094
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35049
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35066
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.3509
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26464

reference_url

https://github.com/apache/logging-log4j2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/logging-log4j2

reference_url

https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/

url

https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t

reference_url

https://security.netapp.com/advisory/ntap-20230505-0008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230505-0008

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2182864
reference_id	2182864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2182864

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26464

reference_id

CVE-2023-26464

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26464

reference_url

https://github.com/advisories/GHSA-vp98-w2p3-mv35

reference_id

GHSA-vp98-w2p3-mv35

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vp98-w2p3-mv35

reference_url

https://security.netapp.com/advisory/ntap-20230505-0008/

reference_id

ntap-20230505-0008

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/

url

https://security.netapp.com/advisory/ntap-20230505-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

fixed_packages

aliases

CVE-2023-26464, GHSA-vp98-w2p3-mv35

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-khr7-6pza-afab

url

VCID-knw5-d2nn-vyhq

vulnerability_id

VCID-knw5-d2nn-vyhq

summary

HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Those using `java.sql.Statement` or `java.sql.PreparedStatement` in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, `System.setProperty("hsqldb.method_class_names", "abc")` or Java argument `-Dhsqldb.method_class_names="abc"` can be used. From version 2.7.1 all classes by default are not accessible except those in `java.lang.Math` and need to be manually enabled.

references

reference_url

http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/

url

http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41853

reference_id

reference_type

scores

value	0.70144
scoring_system	epss
scoring_elements	0.98674
published_at	2026-04-09T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98673
published_at	2026-04-08T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98666
published_at	2026-04-02T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98669
published_at	2026-04-04T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98672
published_at	2026-04-07T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98681
published_at	2026-04-16T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98678
published_at	2026-04-13T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98677
published_at	2026-04-12T12:55:00Z

value	0.70144
scoring_system	epss
scoring_elements	0.98676
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41853

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-41853

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-41853

reference_url

https://sourceforge.net/projects/hsqldb

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://sourceforge.net/projects/hsqldb

reference_url

https://www.debian.org/security/2023/dsa-5313

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/

url

https://www.debian.org/security/2023/dsa-5313

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023573
reference_id	1023573
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023573

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2136141
reference_id	2136141
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2136141

reference_url

https://github.com/advisories/GHSA-77xx-rxvh-q682

reference_id

GHSA-77xx-rxvh-q682

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-77xx-rxvh-q682

reference_url	https://access.redhat.com/errata/RHSA-2022:8559
reference_id	RHSA-2022:8559
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8559

reference_url	https://access.redhat.com/errata/RHSA-2022:8560
reference_id	RHSA-2022:8560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8560

reference_url	https://access.redhat.com/errata/RHSA-2022:8652
reference_id	RHSA-2022:8652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8652

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

fixed_packages

aliases

CVE-2022-41853, GHSA-77xx-rxvh-q682

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-knw5-d2nn-vyhq

url

VCID-r7tw-km29-4bdp

vulnerability_id

VCID-r7tw-km29-4bdp

summary

HTTP Request Smuggling in Netty
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

references

reference_url

https://access.redhat.com/errata/RHSA-2020:0497

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0497

reference_url

https://access.redhat.com/errata/RHSA-2020:0567

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0567

reference_url

https://access.redhat.com/errata/RHSA-2020:0601

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0601

reference_url

https://access.redhat.com/errata/RHSA-2020:0605

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0605

reference_url

https://access.redhat.com/errata/RHSA-2020:0606

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0606

reference_url

https://access.redhat.com/errata/RHSA-2020:0804

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0804

reference_url

https://access.redhat.com/errata/RHSA-2020:0805

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0805

reference_url

https://access.redhat.com/errata/RHSA-2020:0806

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0806

reference_url

https://access.redhat.com/errata/RHSA-2020:0811

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0811

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7238

reference_id

reference_type

scores

value	0.01498
scoring_system	epss
scoring_elements	0.81157
published_at	2026-04-16T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.81056
published_at	2026-04-01T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.81065
published_at	2026-04-02T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.81089
published_at	2026-04-07T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.81117
published_at	2026-04-08T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.81123
published_at	2026-04-09T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.8114
published_at	2026-04-11T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.81127
published_at	2026-04-12T12:55:00Z

value	0.01498
scoring_system	epss
scoring_elements	0.8112
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/jdordonezn/CVE-2020-72381/issues/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jdordonezn/CVE-2020-72381/issues/1

reference_url

https://github.com/netty/netty/issues/9861

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/netty/netty/issues/9861

reference_url

https://github.com/netty/netty/pull/9865

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/netty/netty/pull/9865

reference_url

https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/

reference_url

https://netty.io/news

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://netty.io/news

reference_url	https://netty.io/news/
reference_id
reference_type
scores
url	https://netty.io/news/

reference_url	https://netty.io/news/2019/12/18/4-1-44-Final.html
reference_id
reference_type
scores
url	https://netty.io/news/2019/12/18/4-1-44-Final.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7238

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7238

reference_url

https://www.debian.org/security/2021/dsa-4885

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4885

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1796225
reference_id	1796225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1796225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950967
reference_id	950967
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950967

reference_url

https://github.com/advisories/GHSA-ff2w-cq2g-wv5f

reference_id

GHSA-ff2w-cq2g-wv5f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ff2w-cq2g-wv5f

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:0951
reference_id	RHSA-2020:0951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0951

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://usn.ubuntu.com/4600-1/
reference_id	USN-4600-1
reference_type
scores
url	https://usn.ubuntu.com/4600-1/

fixed_packages

aliases

CVE-2020-7238, GHSA-ff2w-cq2g-wv5f

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-r7tw-km29-4bdp

url

VCID-rfs8-njaq-qkc8

vulnerability_id

VCID-rfs8-njaq-qkc8

summary

Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

A fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.

references

reference_url

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34169

reference_id

reference_type

scores

value	0.06658
scoring_system	epss
scoring_elements	0.91216
published_at	2026-04-12T12:55:00Z

value	0.06658
scoring_system	epss
scoring_elements	0.91212
published_at	2026-04-11T12:55:00Z

value	0.06658
scoring_system	epss
scoring_elements	0.91206
published_at	2026-04-09T12:55:00Z

value	0.06658
scoring_system	epss
scoring_elements	0.91199
published_at	2026-04-08T12:55:00Z

value	0.06658
scoring_system	epss
scoring_elements	0.91186
published_at	2026-04-07T12:55:00Z

value	0.06658
scoring_system	epss
scoring_elements	0.91215
published_at	2026-04-13T12:55:00Z

value	0.06658
scoring_system	epss
scoring_elements	0.91239
published_at	2026-04-16T12:55:00Z

value	0.08992
scoring_system	epss
scoring_elements	0.92592
published_at	2026-04-04T12:55:00Z

value	0.08992
scoring_system	epss
scoring_elements	0.92585
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitbox.apache.org/repos/asf?p=xalan-java.git

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitbox.apache.org/repos/asf?p=xalan-java.git

reference_url

https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81

reference_url

https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573

reference_url

https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21

reference_url

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

reference_url

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

reference_url

https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34169

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34169

reference_url

https://security.gentoo.org/glsa/202401-25

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202401-25

reference_url

https://security.netapp.com/advisory/ntap-20220729-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220729-0009

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://www.debian.org/security/2022/dsa-5188

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5188

reference_url

https://www.debian.org/security/2022/dsa-5192

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5192

reference_url

https://www.debian.org/security/2022/dsa-5256

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5256

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://xalan.apache.org

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://xalan.apache.org

reference_url

http://www.openwall.com/lists/oss-security/2022/07/19/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/07/19/5

reference_url

http://www.openwall.com/lists/oss-security/2022/07/19/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/07/19/6

reference_url

http://www.openwall.com/lists/oss-security/2022/07/20/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/07/20/2

reference_url

http://www.openwall.com/lists/oss-security/2022/07/20/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/07/20/3

reference_url

http://www.openwall.com/lists/oss-security/2022/10/18/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/10/18/2

reference_url

http://www.openwall.com/lists/oss-security/2022/11/04/8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/04/8

reference_url

http://www.openwall.com/lists/oss-security/2022/11/07/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/07/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860
reference_id	1015860
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2108554
reference_id	2108554
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2108554

reference_url

https://github.com/advisories/GHSA-9339-86wc-4qgf

reference_id

GHSA-9339-86wc-4qgf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9339-86wc-4qgf

reference_url	https://security.gentoo.org/glsa/202405-16
reference_id	GLSA-202405-16
reference_type
scores
url	https://security.gentoo.org/glsa/202405-16

reference_url	https://access.redhat.com/errata/RHSA-2022:5681
reference_id	RHSA-2022:5681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5681

reference_url	https://access.redhat.com/errata/RHSA-2022:5683
reference_id	RHSA-2022:5683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5683

reference_url	https://access.redhat.com/errata/RHSA-2022:5684
reference_id	RHSA-2022:5684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5684

reference_url	https://access.redhat.com/errata/RHSA-2022:5685
reference_id	RHSA-2022:5685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5685

reference_url	https://access.redhat.com/errata/RHSA-2022:5687
reference_id	RHSA-2022:5687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5687

reference_url	https://access.redhat.com/errata/RHSA-2022:5695
reference_id	RHSA-2022:5695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5695

reference_url	https://access.redhat.com/errata/RHSA-2022:5696
reference_id	RHSA-2022:5696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5696

reference_url	https://access.redhat.com/errata/RHSA-2022:5697
reference_id	RHSA-2022:5697
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5697

reference_url	https://access.redhat.com/errata/RHSA-2022:5698
reference_id	RHSA-2022:5698
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5698

reference_url	https://access.redhat.com/errata/RHSA-2022:5700
reference_id	RHSA-2022:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5700

reference_url	https://access.redhat.com/errata/RHSA-2022:5701
reference_id	RHSA-2022:5701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5701

reference_url	https://access.redhat.com/errata/RHSA-2022:5709
reference_id	RHSA-2022:5709
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5709

reference_url	https://access.redhat.com/errata/RHSA-2022:5726
reference_id	RHSA-2022:5726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5726

reference_url	https://access.redhat.com/errata/RHSA-2022:5736
reference_id	RHSA-2022:5736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5736

reference_url	https://access.redhat.com/errata/RHSA-2022:5753
reference_id	RHSA-2022:5753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5753

reference_url	https://access.redhat.com/errata/RHSA-2022:5754
reference_id	RHSA-2022:5754
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5754

reference_url	https://access.redhat.com/errata/RHSA-2022:5755
reference_id	RHSA-2022:5755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5755

reference_url	https://access.redhat.com/errata/RHSA-2022:5756
reference_id	RHSA-2022:5756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5756

reference_url	https://access.redhat.com/errata/RHSA-2022:5757
reference_id	RHSA-2022:5757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5757

reference_url	https://access.redhat.com/errata/RHSA-2022:5758
reference_id	RHSA-2022:5758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5758

reference_url	https://access.redhat.com/errata/RHSA-2024:3708
reference_id	RHSA-2024:3708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3708

reference_url	https://usn.ubuntu.com/5546-1/
reference_id	USN-5546-1
reference_type
scores
url	https://usn.ubuntu.com/5546-1/

reference_url	https://usn.ubuntu.com/5546-2/
reference_id	USN-5546-2
reference_type
scores
url	https://usn.ubuntu.com/5546-2/

fixed_packages

aliases

CVE-2022-34169, GHSA-9339-86wc-4qgf

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rfs8-njaq-qkc8

url

VCID-rgtf-p6z8-dkc3

vulnerability_id

VCID-rgtf-p6z8-dkc3

summary

XNIO denial of service vulnerability
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). Version 3.8.14.Final is expected to contain a fix.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:7637

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2023:7637

reference_url

https://access.redhat.com/errata/RHSA-2023:7638

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2023:7638

reference_url

https://access.redhat.com/errata/RHSA-2023:7639

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2023:7639

reference_url

https://access.redhat.com/errata/RHSA-2023:7641

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2023:7641

reference_url

https://access.redhat.com/errata/RHSA-2024:10207

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2024:10207

reference_url

https://access.redhat.com/errata/RHSA-2024:10208

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2024:10208

reference_url

https://access.redhat.com/errata/RHSA-2024:2707

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/errata/RHSA-2024:2707

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5685.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5685.json

reference_url

https://access.redhat.com/security/cve/CVE-2023-5685

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://access.redhat.com/security/cve/CVE-2023-5685

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5685

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.64801
published_at	2026-04-16T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64731
published_at	2026-04-02T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6476
published_at	2026-04-04T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64722
published_at	2026-04-07T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6477
published_at	2026-04-08T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64785
published_at	2026-04-09T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64802
published_at	2026-04-11T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6479
published_at	2026-04-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64763
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5685

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2241822

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2241822

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685

reference_url

https://github.com/xnio/xnio

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/xnio/xnio

reference_url

https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249

reference_url

https://github.com/xnio/xnio/commit/ffabdcdda508ef87aeadad5ca3f854e274d60ec1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/xnio/xnio/commit/ffabdcdda508ef87aeadad5ca3f854e274d60ec1

reference_url

https://issues.redhat.com/browse/XNIO-423

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/XNIO-423

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-5685

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-5685

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065847
reference_id	1065847
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065847

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
reference_id	cpe:/a:redhat:apache_camel_hawtio:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache-camel-spring-boot:4.4.0
reference_id	cpe:/a:redhat:apache-camel-spring-boot:4.4.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache-camel-spring-boot:4.4.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
reference_id	cpe:/a:redhat:camel_spring_boot:3
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id	cpe:/a:redhat:integration:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6
reference_id	cpe:/a:redhat:jboss_fuse_service_works:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url

https://github.com/advisories/GHSA-7f88-5hhx-67m2

reference_id

GHSA-7f88-5hhx-67m2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7f88-5hhx-67m2

fixed_packages

aliases

CVE-2023-5685, GHSA-7f88-5hhx-67m2

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rgtf-p6z8-dkc3

url

VCID-zxsk-ucu6-73h1

vulnerability_id

VCID-zxsk-ucu6-73h1

summary

eap-7: heap exhaustion via deserialization

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3171

reference_id

reference_type

scores

value	0.0018
scoring_system	epss
scoring_elements	0.39658
published_at	2026-04-02T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3968
published_at	2026-04-04T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39598
published_at	2026-04-07T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39652
published_at	2026-04-08T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39666
published_at	2026-04-09T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39676
published_at	2026-04-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3964
published_at	2026-04-12T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39624
published_at	2026-04-13T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39675
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3171

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2213639
reference_id	2213639
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2213639

fixed_packages

aliases

CVE-2023-3171

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsk-ucu6-73h1

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7%3Farch=el7

Package Instance