Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
Typedeb
Namespacedebian
Namelibmina-sshd-java
Version2.13.2-2
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.13.2-3
Latest_non_vulnerable_version2.13.2-3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-31an-9pvw-uqf6
vulnerability_id VCID-31an-9pvw-uqf6
summary 
Missing Release of Resource after Effective Lifetime
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30129.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30129.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30129
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46829
published_at 2026-04-18T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.46769
published_at 2026-04-12T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.46832
published_at 2026-04-16T12:55:00Z
3
value 0.00237
scoring_system epss
scoring_elements 0.46776
published_at 2026-04-13T12:55:00Z
4
value 0.00237
scoring_system epss
scoring_elements 0.46712
published_at 2026-04-01T12:55:00Z
5
value 0.00237
scoring_system epss
scoring_elements 0.46751
published_at 2026-04-02T12:55:00Z
6
value 0.00237
scoring_system epss
scoring_elements 0.46771
published_at 2026-04-04T12:55:00Z
7
value 0.00237
scoring_system epss
scoring_elements 0.46719
published_at 2026-04-07T12:55:00Z
8
value 0.00237
scoring_system epss
scoring_elements 0.46774
published_at 2026-04-09T12:55:00Z
9
value 0.00237
scoring_system epss
scoring_elements 0.46797
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30129
2
reference_url https://issues.apache.org/jira/browse/SSHD-1125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SSHD-1125
3
reference_url https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E
6
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url http://www.openwall.com/lists/oss-security/2021/07/12/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/07/12/1
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1981527
reference_id 1981527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1981527
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30129
reference_id CVE-2021-30129
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30129
11
reference_url https://github.com/advisories/GHSA-9279-7hph-r3xw
reference_id GHSA-9279-7hph-r3xw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9279-7hph-r3xw
12
reference_url https://access.redhat.com/errata/RHSA-2021:4676
reference_id RHSA-2021:4676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4676
13
reference_url https://access.redhat.com/errata/RHSA-2021:4677
reference_id RHSA-2021:4677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4677
14
reference_url https://access.redhat.com/errata/RHSA-2021:4679
reference_id RHSA-2021:4679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4679
15
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
16
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
17
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
0
url pkg:deb/debian/libmina-sshd-java@0?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@0%3Fdistro=trixie
1
url pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-2%3Fdistro=trixie
2
url pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-3%3Fdistro=trixie
aliases CVE-2021-30129, GHSA-9279-7hph-r3xw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31an-9pvw-uqf6
1
url VCID-netd-rr9e-wbg5
vulnerability_id VCID-netd-rr9e-wbg5
summary 
Unsafe deserialization in Apache MINA SSHD
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Until version 2.1.0, the code affected by this vulnerability appeared in `org.apache.sshd:sshd-core`. Version 2.1.0 contains a [commit](https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0) where the code was moved to the package `org.apache.sshd:sshd-common`, which did not exist until version 2.1.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45047.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45047.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45047
reference_id
reference_type
scores
0
value 0.05083
scoring_system epss
scoring_elements 0.8982
published_at 2026-04-18T12:55:00Z
1
value 0.05083
scoring_system epss
scoring_elements 0.89815
published_at 2026-04-11T12:55:00Z
2
value 0.05083
scoring_system epss
scoring_elements 0.89806
published_at 2026-04-13T12:55:00Z
3
value 0.05083
scoring_system epss
scoring_elements 0.89813
published_at 2026-04-12T12:55:00Z
4
value 0.05083
scoring_system epss
scoring_elements 0.89785
published_at 2026-04-07T12:55:00Z
5
value 0.05083
scoring_system epss
scoring_elements 0.89802
published_at 2026-04-08T12:55:00Z
6
value 0.05083
scoring_system epss
scoring_elements 0.89809
published_at 2026-04-09T12:55:00Z
7
value 0.05378
scoring_system epss
scoring_elements 0.90075
published_at 2026-04-04T12:55:00Z
8
value 0.05378
scoring_system epss
scoring_elements 0.90064
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45047
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32
4
reference_url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
5
reference_url https://github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45047
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45047
7
reference_url https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2145194
reference_id 2145194
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2145194
9
reference_url https://github.com/advisories/GHSA-fhw8-8j55-vwgq
reference_id GHSA-fhw8-8j55-vwgq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhw8-8j55-vwgq
10
reference_url https://access.redhat.com/errata/RHSA-2022:8957
reference_id RHSA-2022:8957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8957
11
reference_url https://access.redhat.com/errata/RHSA-2023:0074
reference_id RHSA-2023:0074
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0074
12
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
13
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
14
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
15
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
16
reference_url https://access.redhat.com/errata/RHSA-2023:0560
reference_id RHSA-2023:0560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0560
17
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
18
reference_url https://access.redhat.com/errata/RHSA-2023:0758
reference_id RHSA-2023:0758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0758
19
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
20
reference_url https://access.redhat.com/errata/RHSA-2023:1064
reference_id RHSA-2023:1064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1064
21
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
22
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
23
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
24
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
25
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
0
url pkg:deb/debian/libmina-sshd-java@0?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@0%3Fdistro=trixie
1
url pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-2%3Fdistro=trixie
2
url pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-3%3Fdistro=trixie
aliases CVE-2022-45047, GHSA-fhw8-8j55-vwgq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-netd-rr9e-wbg5
2
url VCID-r4e4-u4s6-63gc
vulnerability_id VCID-r4e4-u4s6-63gc
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35887.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-35887
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27613
published_at 2026-04-18T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27687
published_at 2026-04-12T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27639
published_at 2026-04-16T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27787
published_at 2026-04-02T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27629
published_at 2026-04-13T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27826
published_at 2026-04-04T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27617
published_at 2026-04-07T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27683
published_at 2026-04-08T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27726
published_at 2026-04-09T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27731
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-35887
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0
4
reference_url https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0
5
reference_url https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b
6
reference_url https://github.com/apache/mina-sshd/pull/362
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/pull/362
7
reference_url https://issues.apache.org/jira/browse/SSHD-1324
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SSHD-1324
8
reference_url https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T19:40:36Z/
url https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2240036
reference_id 2240036
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2240036
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35887
reference_id CVE-2023-35887
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-35887
11
reference_url https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
reference_id GHSA-mjmq-gwgm-5qhm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
12
reference_url https://access.redhat.com/errata/RHSA-2024:1192
reference_id RHSA-2024:1192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1192
13
reference_url https://access.redhat.com/errata/RHSA-2024:1193
reference_id RHSA-2024:1193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1193
fixed_packages
0
url pkg:deb/debian/libmina-sshd-java@0?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@0%3Fdistro=trixie
1
url pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-2%3Fdistro=trixie
2
url pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-3%3Fdistro=trixie
aliases CVE-2023-35887, GHSA-mjmq-gwgm-5qhm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4e4-u4s6-63gc
3
url VCID-zxcy-vvmk-xbag
vulnerability_id VCID-zxcy-vvmk-xbag
summary 
Apache MINA SSHD: integrity check bypass
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which 
some security features have been downgraded or disabled, aka a Terrapin 
attack

The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41909.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41909.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41909
reference_id
reference_type
scores
0
value 0.00478
scoring_system epss
scoring_elements 0.65044
published_at 2026-04-18T12:55:00Z
1
value 0.00478
scoring_system epss
scoring_elements 0.65035
published_at 2026-04-16T12:55:00Z
2
value 0.00478
scoring_system epss
scoring_elements 0.64964
published_at 2026-04-02T12:55:00Z
3
value 0.00478
scoring_system epss
scoring_elements 0.64997
published_at 2026-04-13T12:55:00Z
4
value 0.00478
scoring_system epss
scoring_elements 0.65025
published_at 2026-04-12T12:55:00Z
5
value 0.00478
scoring_system epss
scoring_elements 0.65036
published_at 2026-04-11T12:55:00Z
6
value 0.00478
scoring_system epss
scoring_elements 0.65018
published_at 2026-04-09T12:55:00Z
7
value 0.00478
scoring_system epss
scoring_elements 0.64991
published_at 2026-04-04T12:55:00Z
8
value 0.00478
scoring_system epss
scoring_elements 0.65003
published_at 2026-04-08T12:55:00Z
9
value 0.00478
scoring_system epss
scoring_elements 0.64954
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41909
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76
4
reference_url https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1
5
reference_url https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92
6
reference_url https://github.com/apache/mina-sshd/issues/445
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T14:03:16Z/
url https://github.com/apache/mina-sshd/issues/445
7
reference_url https://github.com/apache/mina-sshd/pull/449
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/pull/449
8
reference_url https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
9
reference_url https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T14:03:16Z/
url https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41909
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41909
11
reference_url https://security.netapp.com/advisory/ntap-20241011-0006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0006
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304442
reference_id 2304442
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304442
13
reference_url https://github.com/advisories/GHSA-2326-hx7g-3m9r
reference_id GHSA-2326-hx7g-3m9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2326-hx7g-3m9r
fixed_packages
0
url pkg:deb/debian/libmina-sshd-java@0?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@0%3Fdistro=trixie
1
url pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-2%3Fdistro=trixie
2
url pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
purl pkg:deb/debian/libmina-sshd-java@2.13.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-3%3Fdistro=trixie
aliases CVE-2024-41909, GHSA-2326-hx7g-3m9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcy-vvmk-xbag
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/libmina-sshd-java@2.13.2-2%3Fdistro=trixie