Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1?arch=el8eap
Typerpm
Namespaceredhat
Nameeap7-insights-java-client
Version1.1.3-1.redhat_00001.1
Qualifiers
arch el8eap
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-7rfx-9car-wkcs
vulnerability_id VCID-7rfx-9car-wkcs
summary 
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow cross-site scripting (XSS) attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible.

### Impact
Sites that accept input HTML from users and use jsoup to sanitize that HTML, may be vulnerable to cross-site scripting (XSS) attacks, if they have enabled `SafeList.preserveRelativeLinks` and do not set an appropriate Content Security Policy.

### Patches
This issue is patched in jsoup 1.15.3.

Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version.

### Workarounds
To remediate this issue without immediately upgrading:

- disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs
- ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)

### Background and root cause
jsoup includes a [Cleaner](https://jsoup.org/apidocs/org/jsoup/safety/Cleaner.html) component, which is designed to [sanitize input HTML](https://jsoup.org/cookbook/cleaning-html/safelist-sanitizer) against configurable safe-lists of acceptable tags, attributes, and attribute values.

This includes removing potentially malicious attributes such as `<a href="javascript:...">`, which may enable XSS attacks. It does this by validating URL attributes against allowed URL protocols (e.g. `http`, `https`).

However, an attacker may be able to bypass this check by embedding control characters into the href attribute value. This causes the Java URL class, which is used to resolve relative URLs to absolute URLs before checking the URL's protocol, to treat the URL as a relative URL. It is then resolved into an absolute URL with the configured base URI.

For example, `java\tscript:...` would resolve to `https://example.com/java\tscript:...`.

By default, when using a safe-list that allows `a` tags, jsoup will rewrite any relative URLs (e.g. `/foo/`) to an absolute URL (e.g. `https://example.com/foo/`). Therefore, this attack attempt would be successfully mitigated. However, if the option [SafeList.preserveRelativeLinks](https://jsoup.org/apidocs/org/jsoup/safety/Safelist.html#preserveRelativeLinks(boolean)) is enabled (which does not rewrite relative links to absolute), the input is left as-is.

While Java will treat a path like `java\tscript:` as a relative path, as it does not match the allowed characters of a URL spec, browsers may normalize out the control characters, and subsequently evaluate it as a `javascript:` spec inline expression. That disparity then leads to an XSS opportunity.

Sites defining a Content Security Policy that does not allow javascript expressions in link URLs will not be impacted, as the policy will prevent the script's execution.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [jsoup](https://github.com/jhy/jsoup)
* Email the author of jsoup at [jonathan@hedley.net](mailto:jonathan@hedley.net)

### Credits
Thanks to Jens Häderer, who reported this issue, and contributed to its resolution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36033.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36033.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36033
reference_id
reference_type
scores
0
value 0.01637
scoring_system epss
scoring_elements 0.81961
published_at 2026-04-18T12:55:00Z
1
value 0.01637
scoring_system epss
scoring_elements 0.81925
published_at 2026-04-13T12:55:00Z
2
value 0.01637
scoring_system epss
scoring_elements 0.8193
published_at 2026-04-12T12:55:00Z
3
value 0.01637
scoring_system epss
scoring_elements 0.81943
published_at 2026-04-11T12:55:00Z
4
value 0.01637
scoring_system epss
scoring_elements 0.81923
published_at 2026-04-09T12:55:00Z
5
value 0.01637
scoring_system epss
scoring_elements 0.81916
published_at 2026-04-08T12:55:00Z
6
value 0.01637
scoring_system epss
scoring_elements 0.8189
published_at 2026-04-07T12:55:00Z
7
value 0.01637
scoring_system epss
scoring_elements 0.81894
published_at 2026-04-04T12:55:00Z
8
value 0.01637
scoring_system epss
scoring_elements 0.81871
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36033
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jhy/jsoup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jhy/jsoup
5
reference_url https://github.com/jhy/jsoup/releases/tag/jsoup-1.15.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/
url https://github.com/jhy/jsoup/releases/tag/jsoup-1.15.3
6
reference_url https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/
url https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
7
reference_url https://jsoup.org/news/release-1.15.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/
url https://jsoup.org/news/release-1.15.3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36033
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36033
9
reference_url https://security.netapp.com/advisory/ntap-20221104-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221104-0006
10
reference_url https://security.netapp.com/advisory/ntap-20221104-0006/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/
url https://security.netapp.com/advisory/ntap-20221104-0006/
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018931
reference_id 1018931
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018931
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2127078
reference_id 2127078
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2127078
13
reference_url https://github.com/advisories/GHSA-gp7f-rwcx-9369
reference_id GHSA-gp7f-rwcx-9369
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gp7f-rwcx-9369
14
reference_url https://access.redhat.com/errata/RHSA-2024:6656
reference_id RHSA-2024:6656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6656
fixed_packages
aliases CVE-2022-36033, GHSA-gp7f-rwcx-9369
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rfx-9car-wkcs
1
url VCID-ftf5-r1db-9qfq
vulnerability_id VCID-ftf5-r1db-9qfq
summary 
Wildfly vulnerable to denial of service
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:8075
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8075
1
reference_url https://access.redhat.com/errata/RHSA-2024:8076
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8076
2
reference_url https://access.redhat.com/errata/RHSA-2024:8077
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8077
3
reference_url https://access.redhat.com/errata/RHSA-2024:8080
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8080
4
reference_url https://access.redhat.com/errata/RHSA-2024:8823
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8823
5
reference_url https://access.redhat.com/errata/RHSA-2024:8824
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8824
6
reference_url https://access.redhat.com/errata/RHSA-2024:8826
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/errata/RHSA-2024:8826
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4029.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4029.json
8
reference_url https://access.redhat.com/security/cve/CVE-2024-4029
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://access.redhat.com/security/cve/CVE-2024-4029
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4029
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00946
published_at 2026-04-16T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.00962
published_at 2026-04-04T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.00966
published_at 2026-04-09T12:55:00Z
3
value 9e-05
scoring_system epss
scoring_elements 0.00971
published_at 2026-04-08T12:55:00Z
4
value 9e-05
scoring_system epss
scoring_elements 0.00954
published_at 2026-04-18T12:55:00Z
5
value 9e-05
scoring_system epss
scoring_elements 0.0095
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4029
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278615
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T19:17:30Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2278615
11
reference_url https://github.com/wildfly/wildfly
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wildfly/wildfly
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4029
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4029
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
27
reference_url https://github.com/advisories/GHSA-x7g6-rwhc-g7mj
reference_id GHSA-x7g6-rwhc-g7mj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7g6-rwhc-g7mj
fixed_packages
aliases CVE-2024-4029, GHSA-x7g6-rwhc-g7mj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftf5-r1db-9qfq
2
url VCID-mssa-dgz3-w7fh
vulnerability_id VCID-mssa-dgz3-w7fh
summary 
Uncontrolled resource consumption in braces
The NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4068.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4068.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4068
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45242
published_at 2026-04-18T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45248
published_at 2026-04-16T12:55:00Z
2
value 0.00225
scoring_system epss
scoring_elements 0.45196
published_at 2026-04-13T12:55:00Z
3
value 0.00225
scoring_system epss
scoring_elements 0.45194
published_at 2026-04-12T12:55:00Z
4
value 0.00225
scoring_system epss
scoring_elements 0.45226
published_at 2026-04-11T12:55:00Z
5
value 0.00225
scoring_system epss
scoring_elements 0.45205
published_at 2026-04-09T12:55:00Z
6
value 0.00225
scoring_system epss
scoring_elements 0.45209
published_at 2026-04-04T12:55:00Z
7
value 0.00225
scoring_system epss
scoring_elements 0.45186
published_at 2026-04-02T12:55:00Z
8
value 0.00225
scoring_system epss
scoring_elements 0.45151
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4068
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4068
3
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-4068
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2024-4068
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/micromatch/braces
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/micromatch/braces
6
reference_url https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308
7
reference_url https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T11:10:08Z/
url https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
8
reference_url https://github.com/micromatch/braces/issues/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T11:10:08Z/
url https://github.com/micromatch/braces/issues/35
9
reference_url https://github.com/micromatch/braces/pull/37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T11:10:08Z/
url https://github.com/micromatch/braces/pull/37
10
reference_url https://github.com/micromatch/braces/pull/40
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T11:10:08Z/
url https://github.com/micromatch/braces/pull/40
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4068
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4068
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071632
reference_id 1071632
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071632
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2280600
reference_id 2280600
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2280600
14
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
reference_id CVE-2024-4068
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-13T11:10:08Z/
url https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
15
reference_url https://github.com/advisories/GHSA-grv7-fg5c-xmjg
reference_id GHSA-grv7-fg5c-xmjg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-grv7-fg5c-xmjg
16
reference_url https://access.redhat.com/errata/RHSA-2024:4464
reference_id RHSA-2024:4464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4464
17
reference_url https://access.redhat.com/errata/RHSA-2024:6211
reference_id RHSA-2024:6211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6211
fixed_packages
aliases CVE-2024-4068, GHSA-grv7-fg5c-xmjg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mssa-dgz3-w7fh
3
url VCID-rfs8-njaq-qkc8
vulnerability_id VCID-rfs8-njaq-qkc8
summary 
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

A fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.
references
0
reference_url http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34169
reference_id
reference_type
scores
0
value 0.06658
scoring_system epss
scoring_elements 0.91216
published_at 2026-04-12T12:55:00Z
1
value 0.06658
scoring_system epss
scoring_elements 0.91212
published_at 2026-04-11T12:55:00Z
2
value 0.06658
scoring_system epss
scoring_elements 0.91206
published_at 2026-04-09T12:55:00Z
3
value 0.06658
scoring_system epss
scoring_elements 0.91199
published_at 2026-04-08T12:55:00Z
4
value 0.06658
scoring_system epss
scoring_elements 0.91186
published_at 2026-04-07T12:55:00Z
5
value 0.06658
scoring_system epss
scoring_elements 0.91215
published_at 2026-04-13T12:55:00Z
6
value 0.06658
scoring_system epss
scoring_elements 0.91239
published_at 2026-04-18T12:55:00Z
7
value 0.08992
scoring_system epss
scoring_elements 0.92592
published_at 2026-04-04T12:55:00Z
8
value 0.08992
scoring_system epss
scoring_elements 0.92585
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://gitbox.apache.org/repos/asf?p=xalan-java.git
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitbox.apache.org/repos/asf?p=xalan-java.git
9
reference_url https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81
10
reference_url https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573
11
reference_url https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21
12
reference_url https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
13
reference_url https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
14
reference_url https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471
15
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34169
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34169
29
reference_url https://security.gentoo.org/glsa/202401-25
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-25
30
reference_url https://security.netapp.com/advisory/ntap-20220729-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220729-0009
31
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
32
reference_url https://www.debian.org/security/2022/dsa-5188
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5188
33
reference_url https://www.debian.org/security/2022/dsa-5192
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5192
34
reference_url https://www.debian.org/security/2022/dsa-5256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5256
35
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
36
reference_url https://xalan.apache.org
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://xalan.apache.org
37
reference_url http://www.openwall.com/lists/oss-security/2022/07/19/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/19/5
38
reference_url http://www.openwall.com/lists/oss-security/2022/07/19/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/19/6
39
reference_url http://www.openwall.com/lists/oss-security/2022/07/20/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/20/2
40
reference_url http://www.openwall.com/lists/oss-security/2022/07/20/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/20/3
41
reference_url http://www.openwall.com/lists/oss-security/2022/10/18/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/10/18/2
42
reference_url http://www.openwall.com/lists/oss-security/2022/11/04/8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/04/8
43
reference_url http://www.openwall.com/lists/oss-security/2022/11/07/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/07/2
44
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860
reference_id 1015860
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860
45
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2108554
reference_id 2108554
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2108554
46
reference_url https://github.com/advisories/GHSA-9339-86wc-4qgf
reference_id GHSA-9339-86wc-4qgf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9339-86wc-4qgf
47
reference_url https://security.gentoo.org/glsa/202405-16
reference_id GLSA-202405-16
reference_type
scores
url https://security.gentoo.org/glsa/202405-16
48
reference_url https://access.redhat.com/errata/RHSA-2022:5681
reference_id RHSA-2022:5681
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5681
49
reference_url https://access.redhat.com/errata/RHSA-2022:5683
reference_id RHSA-2022:5683
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5683
50
reference_url https://access.redhat.com/errata/RHSA-2022:5684
reference_id RHSA-2022:5684
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5684
51
reference_url https://access.redhat.com/errata/RHSA-2022:5685
reference_id RHSA-2022:5685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5685
52
reference_url https://access.redhat.com/errata/RHSA-2022:5687
reference_id RHSA-2022:5687
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5687
53
reference_url https://access.redhat.com/errata/RHSA-2022:5695
reference_id RHSA-2022:5695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5695
54
reference_url https://access.redhat.com/errata/RHSA-2022:5696
reference_id RHSA-2022:5696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5696
55
reference_url https://access.redhat.com/errata/RHSA-2022:5697
reference_id RHSA-2022:5697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5697
56
reference_url https://access.redhat.com/errata/RHSA-2022:5698
reference_id RHSA-2022:5698
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5698
57
reference_url https://access.redhat.com/errata/RHSA-2022:5700
reference_id RHSA-2022:5700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5700
58
reference_url https://access.redhat.com/errata/RHSA-2022:5701
reference_id RHSA-2022:5701
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5701
59
reference_url https://access.redhat.com/errata/RHSA-2022:5709
reference_id RHSA-2022:5709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5709
60
reference_url https://access.redhat.com/errata/RHSA-2022:5726
reference_id RHSA-2022:5726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5726
61
reference_url https://access.redhat.com/errata/RHSA-2022:5736
reference_id RHSA-2022:5736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5736
62
reference_url https://access.redhat.com/errata/RHSA-2022:5753
reference_id RHSA-2022:5753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5753
63
reference_url https://access.redhat.com/errata/RHSA-2022:5754
reference_id RHSA-2022:5754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5754
64
reference_url https://access.redhat.com/errata/RHSA-2022:5755
reference_id RHSA-2022:5755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5755
65
reference_url https://access.redhat.com/errata/RHSA-2022:5756
reference_id RHSA-2022:5756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5756
66
reference_url https://access.redhat.com/errata/RHSA-2022:5757
reference_id RHSA-2022:5757
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5757
67
reference_url https://access.redhat.com/errata/RHSA-2022:5758
reference_id RHSA-2022:5758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5758
68
reference_url https://access.redhat.com/errata/RHSA-2024:3708
reference_id RHSA-2024:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3708
69
reference_url https://usn.ubuntu.com/5546-1/
reference_id USN-5546-1
reference_type
scores
url https://usn.ubuntu.com/5546-1/
70
reference_url https://usn.ubuntu.com/5546-2/
reference_id USN-5546-2
reference_type
scores
url https://usn.ubuntu.com/5546-2/
fixed_packages
aliases CVE-2022-34169, GHSA-9339-86wc-4qgf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfs8-njaq-qkc8
4
url VCID-wfmh-pkck-yfb3
vulnerability_id VCID-wfmh-pkck-yfb3
summary 
jose4j denial of service via specifically crafted JWE
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51775.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51775
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62541
published_at 2026-04-18T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.62442
published_at 2026-04-02T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.62473
published_at 2026-04-04T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.6244
published_at 2026-04-07T12:55:00Z
4
value 0.00429
scoring_system epss
scoring_elements 0.62491
published_at 2026-04-08T12:55:00Z
5
value 0.00429
scoring_system epss
scoring_elements 0.62507
published_at 2026-04-09T12:55:00Z
6
value 0.00429
scoring_system epss
scoring_elements 0.62526
published_at 2026-04-11T12:55:00Z
7
value 0.00429
scoring_system epss
scoring_elements 0.62515
published_at 2026-04-12T12:55:00Z
8
value 0.00429
scoring_system epss
scoring_elements 0.62493
published_at 2026-04-13T12:55:00Z
9
value 0.00429
scoring_system epss
scoring_elements 0.62534
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51775
2
reference_url https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
3
reference_url https://bitbucket.org/b_c/jose4j/issues/212
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:51:39Z/
url https://bitbucket.org/b_c/jose4j/issues/212
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51775
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51775
6
reference_url https://security.netapp.com/advisory/ntap-20241108-0002
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241108-0002
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266921
reference_id 2266921
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266921
8
reference_url https://github.com/advisories/GHSA-6qvw-249j-h44c
reference_id GHSA-6qvw-249j-h44c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qvw-249j-h44c
9
reference_url https://access.redhat.com/errata/RHSA-2024:3550
reference_id RHSA-2024:3550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3550
fixed_packages
aliases CVE-2023-51775, GHSA-6qvw-249j-h44c
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfmh-pkck-yfb3
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1%3Farch=el8eap