Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/941471?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "type": "deb", "namespace": "debian", "name": "trafficserver", "version": "0", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.0.4-1", "latest_non_vulnerable_version": "9.2.5+ds-0+deb12u4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134113?format=api", "vulnerability_id": "VCID-376v-6shk-8ycq", "summary": "Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78981", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.7891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78928", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78953", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78959", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78982", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78967", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78957", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01206", "scoring_system": "epss", "scoring_elements": "0.78985", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2952" }, { "reference_url": "http://secunia.com/advisories/41356", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41356" }, { "reference_url": "http://securitytracker.com/id?1024417", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024417" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61721" }, { "reference_url": "https://issues.apache.org/jira/browse/TS-425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.apache.org/jira/browse/TS-425" }, { "reference_url": "http://trafficserver.apache.org/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://trafficserver.apache.org/" }, { "reference_url": "http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc" }, { "reference_url": "http://www.securityfocus.com/archive/1/513598/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/513598/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/43111", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/43111" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2952", "reference_id": "CVE-2010-2952", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2952" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2010-2952" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-376v-6shk-8ycq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259037?format=api", "vulnerability_id": "VCID-61q8-wyrp-rycg", "summary": "Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77311", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77346", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77357", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77366", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77393", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77372", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77369", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77409", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.77408", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01034", "scoring_system": "epss", "scoring_elements": "0.774", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-41585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61q8-wyrp-rycg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/260381?format=api", "vulnerability_id": "VCID-8ta5-mh5e-cfft", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78009", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78017", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78046", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78028", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78054", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78085", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.781", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78099", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78092", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941490?format=api", "purl": "pkg:deb/debian/trafficserver@9.1.1%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.1.1%252Bds-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-43082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ta5-mh5e-cfft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/246687?format=api", "vulnerability_id": "VCID-by94-r8f3-z3fs", "summary": "Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.9279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92802", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.928", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92809", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92813", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92817", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92828", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09467", "scoring_system": "epss", "scoring_elements": "0.92832", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-27737" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-by94-r8f3-z3fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/279895?format=api", "vulnerability_id": "VCID-fvbh-59fu-cfb6", "summary": "Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92233", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92231", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92193", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92217", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92222", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.9222", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08233", "scoring_system": "epss", "scoring_elements": "0.92232", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40743" }, { "reference_url": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02", "reference_id": "mrj2lg4s0hf027rk7gz8t7hbn9xpfg02", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T14:19:23Z/" } ], "url": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941496?format=api", "purl": "pkg:deb/debian/trafficserver@9.1.4%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.1.4%252Bds-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-40743" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvbh-59fu-cfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210266?format=api", "vulnerability_id": "VCID-gqeq-hqf6-abh9", "summary": "Improper Access Control vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 10.0.0 through 10.0.3.\n\nUsers are recommended to upgrade to version 10.0.4, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22932", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34092", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45848", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45868", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45837", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45841", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45792", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56196" }, { "reference_url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023", "reference_id": "btofzws2yqskk2n7f01r3l1819x01023", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:37:33Z/" } ], "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2024-56196" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqeq-hqf6-abh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266528?format=api", "vulnerability_id": "VCID-has1-mf68-q3am", "summary": "Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.\n\nUsers are recommended to upgrade to version 9.2.3, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91664", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.9167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91691", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91698", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91702", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91704", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.917", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91714", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07335", "scoring_system": "epss", "scoring_elements": "0.91715", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39456" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054427", "reference_id": "1054427", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054427" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "reference_id": "VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:44:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941471?format=api", "purl": "pkg:deb/debian/trafficserver@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941472?format=api", "purl": "pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941506?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.3%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.3%252Bds-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941501?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.3%2Bds-1%2Bdeb12u1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.3%252Bds-1%252Bdeb12u1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941470?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/941473?format=api", "purl": "pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4738-xk8n-hbac" }, { "vulnerability": "VCID-4hs3-be7k-9qe7" }, { "vulnerability": "VCID-4uhe-mtbx-nfdu" }, { "vulnerability": "VCID-5e1r-3jec-tkhp" }, { "vulnerability": "VCID-c62p-6ghw-j3dv" }, { "vulnerability": "VCID-eay7-63um-43e9" }, { "vulnerability": "VCID-jabw-thzt-63bb" }, { "vulnerability": "VCID-kjah-am9e-xkev" }, { "vulnerability": "VCID-rcdg-j23x-xfbn" }, { "vulnerability": "VCID-tevw-8dcp-yfh6" }, { "vulnerability": "VCID-ww3t-p3pq-gkhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2023-39456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-has1-mf68-q3am" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid" }