Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/937766?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "type": "deb", "namespace": "debian", "name": "resteasy3.0", "version": "3.0.26-6", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15928?format=api", "vulnerability_id": "VCID-17rd-f1mq-kfgr", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nRESTEasy allows remote authenticated users to obtain sensitive information by leveraging \"insufficient use of random values\" in async jobs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6345.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24533", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2461", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24497", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372117", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372117" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6345" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170", "reference_id": "837170", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6345", "reference_id": "CVE-2016-6345", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6345" }, { "reference_url": "https://github.com/advisories/GHSA-vxhj-3x7p-jxp5", "reference_id": "GHSA-vxhj-3x7p-jxp5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxhj-3x7p-jxp5" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937767?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6345", "GHSA-vxhj-3x7p-jxp5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17rd-f1mq-kfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44393?format=api", "vulnerability_id": "VCID-1um9-45xa-nbaf", "summary": "Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy\nA flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25724.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25724.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2020-25724", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2020-25724" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32897", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32765", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32731", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25724", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25724" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210702-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210702-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210702-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210702-0003/" }, { "reference_url": "https://github.com/advisories/GHSA-9699-gm7f-cmjv", "reference_id": "GHSA-9699-gm7f-cmjv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9699-gm7f-cmjv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1004", "reference_id": "RHSA-2021:1004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937769?format=api", "purl": "pkg:deb/debian/resteasy3.0@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25724", "GHSA-9699-gm7f-cmjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1um9-45xa-nbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13461?format=api", "vulnerability_id": "VCID-6265-k551-gyfv", "summary": "Uncontrolled Resource Consumption\nA vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14326.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14326.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65866", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65918", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65929", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65947", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65934", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://github.com/resteasy/Resteasy/pull/2471", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy/pull/2471" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210713-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210713-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210713-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210713-0001/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14326", "reference_id": "CVE-2020-14326", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14326" }, { "reference_url": "https://github.com/advisories/GHSA-37g7-8vjj-pjpj", "reference_id": "GHSA-37g7-8vjj-pjpj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37g7-8vjj-pjpj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3248", "reference_id": "RHSA-2020:3248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937769?format=api", "purl": "pkg:deb/debian/resteasy3.0@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14326", "GHSA-37g7-8vjj-pjpj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6265-k551-gyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14877?format=api", "vulnerability_id": "VCID-6qhb-4jya-hffz", "summary": "Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP\nRed Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0481" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7561.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7561.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77769", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.7777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77727", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.7771", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://issues.jboss.org/browse/RESTEASY-1704", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/RESTEASY-1704" }, { "reference_url": "http://www.securityfocus.com/bid/100465", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823", "reference_id": "1483823", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873392", "reference_id": "873392", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873392" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836", "reference_id": "908836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561", "reference_id": "CVE-2017-7561", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561" }, { "reference_url": "https://github.com/advisories/GHSA-57q5-x8jf-g7h8", "reference_id": "GHSA-57q5-x8jf-g7h8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57q5-x8jf-g7h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937767?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7561", "GHSA-57q5-x8jf-g7h8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qhb-4jya-hffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56536?format=api", "vulnerability_id": "VCID-7uh1-a5ng-rqch", "summary": "JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack\nJacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6348.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6348.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32741", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32778", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32882", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32777", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32751", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32703", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32715", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6348" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372129", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372129" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6348" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6348" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170", "reference_id": "837170", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:-:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-9xfc-j5mf-9w5p", "reference_id": "GHSA-9xfc-j5mf-9w5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xfc-j5mf-9w5p" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937767?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6348", "GHSA-9xfc-j5mf-9w5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uh1-a5ng-rqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54333?format=api", "vulnerability_id": "VCID-aedf-8vvz-37cp", "summary": "Improper Input Validation in RESTEasy\nA flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73161", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73107", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73113", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73149", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73168", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695" }, { "reference_url": "https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034804", "reference_id": "1034804", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462", "reference_id": "1730462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "reference_url": "https://github.com/advisories/GHSA-63cq-ppq8-cw6g", "reference_id": "GHSA-63cq-ppq8-cw6g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-63cq-ppq8-cw6g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1775", "reference_id": "RHSA-2021:1775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1775" }, { "reference_url": "https://usn.ubuntu.com/7351-1/", "reference_id": "USN-7351-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7351-1/" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-1695", "GHSA-63cq-ppq8-cw6g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aedf-8vvz-37cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7889?format=api", "vulnerability_id": "VCID-jms5-sctw-mkc5", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6347.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6347.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26063", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26159", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26234", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26274", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26122", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26168", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26153", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6347" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372124", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6347" }, { "reference_url": "http://www.securityfocus.com/bid/92759", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92759" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170", "reference_id": "837170", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6347", "reference_id": "CVE-2016-6347", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6347" }, { "reference_url": "https://github.com/advisories/GHSA-r346-rmrg-qpgh", "reference_id": "GHSA-r346-rmrg-qpgh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r346-rmrg-qpgh" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937767?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6347", "GHSA-r346-rmrg-qpgh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jms5-sctw-mkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84887?format=api", "vulnerability_id": "VCID-kg6v-ry5e-2qbh", "summary": "RESTEasy: SerializableProvider enabled by default and deserializes untrusted data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7050.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7050.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6884", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68858", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68879", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68859", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68927", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.6895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68936", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68907", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378613", "reference_id": "1378613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2604", "reference_id": "RHSA-2016:2604", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2604" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937769?format=api", "purl": "pkg:deb/debian/resteasy3.0@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-7050" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kg6v-ry5e-2qbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15360?format=api", "vulnerability_id": "VCID-p3uc-ee2b-fff5", "summary": "Improper Input Validation\nJBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1253", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1253" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1254", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1256", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1260", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1410", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1412", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1675", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1676", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2909", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2913", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2913" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84624", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84546", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84561", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84583", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84586", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84607", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84614", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02263", "scoring_system": "epss", "scoring_elements": "0.84628", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9606" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9606" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "http://www.securityfocus.com/bid/94940", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94940" }, { "reference_url": "http://www.securitytracker.com/id/1038524", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1038524" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430", "reference_id": "851430", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9606", "reference_id": "CVE-2016-9606", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9606" }, { "reference_url": "https://github.com/advisories/GHSA-hgjr-xwj3-jfvw", "reference_id": "GHSA-hgjr-xwj3-jfvw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgjr-xwj3-jfvw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1255", "reference_id": "RHSA-2017:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1409", "reference_id": "RHSA-2017:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1409" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937767?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9606", "GHSA-hgjr-xwj3-jfvw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3uc-ee2b-fff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44821?format=api", "vulnerability_id": "VCID-qktn-umfn-dkhv", "summary": "Cross-site scripting in RESTEasy\nA cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10688.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4483", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44745", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44846", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44787", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4484", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44828", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10688" }, { "reference_url": "https://github.com/quarkusio/quarkus/issues/7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/quarkusio/quarkus/issues/7248" }, { "reference_url": "https://issues.redhat.com/browse/RESTEASY-2519", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/RESTEASY-2519" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210706-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210706-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210706-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210706-0008/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015001", "reference_id": "1015001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970328", "reference_id": "970328", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970328" }, { "reference_url": "https://github.com/advisories/GHSA-29qj-rvv6-qrmv", "reference_id": "GHSA-29qj-rvv6-qrmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29qj-rvv6-qrmv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3806", "reference_id": "RHSA-2020:3806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3806" }, { "reference_url": "https://usn.ubuntu.com/7351-1/", "reference_id": "USN-7351-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7351-1/" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937770?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-10688", "GHSA-29qj-rvv6-qrmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qktn-umfn-dkhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7499?format=api", "vulnerability_id": "VCID-wbgc-tuj3-47by", "summary": "Uncontrolled Resource Consumption\nRESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78771", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78745", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78763", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78724", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6346" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/1303" }, { "reference_url": "https://issues.jboss.org/browse/JBEAP-11180", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/JBEAP-11180" }, { "reference_url": "http://www.securityfocus.com/bid/92744", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170", "reference_id": "837170", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346", "reference_id": "CVE-2016-6346", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346" }, { "reference_url": "https://github.com/advisories/GHSA-wxvr-vqfp-9cqw", "reference_id": "GHSA-wxvr-vqfp-9cqw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxvr-vqfp-9cqw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0517", "reference_id": "RHSA-2017:0517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0826", "reference_id": "RHSA-2017:0826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0827", "reference_id": "RHSA-2017:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0828", "reference_id": "RHSA-2017:0828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0829", "reference_id": "RHSA-2017:0829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0829" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937767?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6346", "GHSA-wxvr-vqfp-9cqw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbgc-tuj3-47by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8728?format=api", "vulnerability_id": "VCID-wjgt-y2vt-63gs", "summary": "Deserialization of Untrusted Data\nResteasy allows Yaml unmarshalling via `Yaml.load()` in `YamlProvider`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1051.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71734", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71768", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71695", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71702", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.7172", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71694", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71744", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539175#c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539175#c3" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/1555", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/1555" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1051", "reference_id": "CVE-2018-1051", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1051" }, { "reference_url": "https://github.com/advisories/GHSA-m2fv-3rqm-g7p5", "reference_id": "GHSA-m2fv-3rqm-g7p5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m2fv-3rqm-g7p5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937769?format=api", "purl": "pkg:deb/debian/resteasy3.0@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937768?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qktn-umfn-dkhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937766?format=api", "purl": "pkg:deb/debian/resteasy3.0@3.0.26-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1051", "GHSA-m2fv-3rqm-g7p5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjgt-y2vt-63gs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/resteasy3.0@3.0.26-6%3Fdistro=trixie" }