Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1?arch=el8eap
Type rpm
Namespace redhat
Name eap7-netty-transport-native-epoll
Version 4.1.94-1.Final_redhat_00001.1
Qualifiers
arch el8eap
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-8b9g-6r2j-tqhw
vulnerability_id VCID-8b9g-6r2j-tqhw
summary
Allocation of Resources Without Limits or Throttling
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34462.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34462.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34462
reference_id
reference_type
scores
0
value 0.00998
scoring_system epss
scoring_elements 0.77005
published_at 2026-04-18T12:55:00Z
1
value 0.00998
scoring_system epss
scoring_elements 0.77002
published_at 2026-04-16T12:55:00Z
2
value 0.00998
scoring_system epss
scoring_elements 0.76961
published_at 2026-04-13T12:55:00Z
3
value 0.00998
scoring_system epss
scoring_elements 0.76966
published_at 2026-04-12T12:55:00Z
4
value 0.00998
scoring_system epss
scoring_elements 0.76986
published_at 2026-04-11T12:55:00Z
5
value 0.00998
scoring_system epss
scoring_elements 0.76959
published_at 2026-04-09T12:55:00Z
6
value 0.00998
scoring_system epss
scoring_elements 0.76948
published_at 2026-04-08T12:55:00Z
7
value 0.00998
scoring_system epss
scoring_elements 0.76915
published_at 2026-04-07T12:55:00Z
8
value 0.00998
scoring_system epss
scoring_elements 0.76933
published_at 2026-04-04T12:55:00Z
9
value 0.00998
scoring_system epss
scoring_elements 0.76902
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34462
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
5
reference_url https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
6
reference_url https://security.netapp.com/advisory/ntap-20230803-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230803-0001
7
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
8
reference_url https://www.debian.org/security/2023/dsa-5558
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://www.debian.org/security/2023/dsa-5558
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947
reference_id 1038947
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2216888
reference_id 2216888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2216888
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34462
reference_id CVE-2023-34462
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34462
12
reference_url https://github.com/advisories/GHSA-6mjq-h674-j845
reference_id GHSA-6mjq-h674-j845
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mjq-h674-j845
13
reference_url https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
reference_id GHSA-6mjq-h674-j845
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
14
reference_url https://security.netapp.com/advisory/ntap-20230803-0001/
reference_id ntap-20230803-0001
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://security.netapp.com/advisory/ntap-20230803-0001/
15
reference_url https://security.netapp.com/advisory/ntap-20240621-0007/
reference_id ntap-20240621-0007
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://security.netapp.com/advisory/ntap-20240621-0007/
16
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
17
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
18
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
19
reference_url https://access.redhat.com/errata/RHSA-2023:7669
reference_id RHSA-2023:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7669
20
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
21
reference_url https://access.redhat.com/errata/RHSA-2024:0148
reference_id RHSA-2024:0148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0148
22
reference_url https://usn.ubuntu.com/6994-1/
reference_id USN-6994-1
reference_type
scores
url https://usn.ubuntu.com/6994-1/
fixed_packages
aliases CVE-2023-34462, GHSA-6mjq-h674-j845
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b9g-6r2j-tqhw
1
url VCID-khr7-6pza-afab
vulnerability_id VCID-khr7-6pza-afab
summary
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26464
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.35088
published_at 2026-04-18T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35049
published_at 2026-04-07T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.3509
published_at 2026-04-12T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35125
published_at 2026-04-11T12:55:00Z
4
value 0.00147
scoring_system epss
scoring_elements 0.3512
published_at 2026-04-09T12:55:00Z
5
value 0.00147
scoring_system epss
scoring_elements 0.35171
published_at 2026-04-04T12:55:00Z
6
value 0.00147
scoring_system epss
scoring_elements 0.35094
published_at 2026-04-08T12:55:00Z
7
value 0.00147
scoring_system epss
scoring_elements 0.35102
published_at 2026-04-16T12:55:00Z
8
value 0.00147
scoring_system epss
scoring_elements 0.35066
published_at 2026-04-13T12:55:00Z
9
value 0.00147
scoring_system epss
scoring_elements 0.35142
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26464
2
reference_url https://github.com/apache/logging-log4j2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/logging-log4j2
3
reference_url https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/
url https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
4
reference_url https://security.netapp.com/advisory/ntap-20230505-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230505-0008
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182864
reference_id 2182864
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182864
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26464
reference_id CVE-2023-26464
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26464
7
reference_url https://github.com/advisories/GHSA-vp98-w2p3-mv35
reference_id GHSA-vp98-w2p3-mv35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp98-w2p3-mv35
8
reference_url https://security.netapp.com/advisory/ntap-20230505-0008/
reference_id ntap-20230505-0008
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/
url https://security.netapp.com/advisory/ntap-20230505-0008/
9
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
aliases CVE-2023-26464, GHSA-vp98-w2p3-mv35
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khr7-6pza-afab
2
url VCID-nahx-etfu-qqfq
vulnerability_id VCID-nahx-etfu-qqfq
summary
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25883
reference_id
reference_type
scores
0
value 0.00581
scoring_system epss
scoring_elements 0.68866
published_at 2026-04-02T12:55:00Z
1
value 0.00581
scoring_system epss
scoring_elements 0.68937
published_at 2026-04-09T12:55:00Z
2
value 0.00581
scoring_system epss
scoring_elements 0.68918
published_at 2026-04-08T12:55:00Z
3
value 0.00581
scoring_system epss
scoring_elements 0.68868
published_at 2026-04-07T12:55:00Z
4
value 0.00581
scoring_system epss
scoring_elements 0.68887
published_at 2026-04-04T12:55:00Z
5
value 0.00598
scoring_system epss
scoring_elements 0.69435
published_at 2026-04-18T12:55:00Z
6
value 0.00598
scoring_system epss
scoring_elements 0.69424
published_at 2026-04-16T12:55:00Z
7
value 0.00598
scoring_system epss
scoring_elements 0.69386
published_at 2026-04-13T12:55:00Z
8
value 0.00598
scoring_system epss
scoring_elements 0.69399
published_at 2026-04-12T12:55:00Z
9
value 0.00598
scoring_system epss
scoring_elements 0.69415
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25883
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25883
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25883
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/npm/node-semver
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver
5
reference_url https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/
url https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
6
reference_url https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
7
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/
url https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
8
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/
url https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
9
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js#L138
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/blob/main/internal/re.js#L138
10
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js#L160
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/blob/main/internal/re.js#L160
11
reference_url https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
12
reference_url https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/
url https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
13
reference_url https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
14
reference_url https://github.com/npm/node-semver/pull/564
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/
url https://github.com/npm/node-semver/pull/564
15
reference_url https://github.com/npm/node-semver/pull/585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/pull/585
16
reference_url https://github.com/npm/node-semver/pull/593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/node-semver/pull/593
17
reference_url https://security.netapp.com/advisory/ntap-20241025-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241025-0004
18
reference_url https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/
url https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2216475
reference_id 2216475
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2216475
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25883
reference_id CVE-2022-25883
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25883
21
reference_url https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
reference_id GHSA-c2qf-rxjj-qqgw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
22
reference_url https://access.redhat.com/errata/RHSA-2023:4341
reference_id RHSA-2023:4341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4341
23
reference_url https://access.redhat.com/errata/RHSA-2023:5360
reference_id RHSA-2023:5360
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5360
24
reference_url https://access.redhat.com/errata/RHSA-2023:5361
reference_id RHSA-2023:5361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5361
25
reference_url https://access.redhat.com/errata/RHSA-2023:5362
reference_id RHSA-2023:5362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5362
26
reference_url https://access.redhat.com/errata/RHSA-2023:5363
reference_id RHSA-2023:5363
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5363
27
reference_url https://access.redhat.com/errata/RHSA-2023:5379
reference_id RHSA-2023:5379
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5379
28
reference_url https://access.redhat.com/errata/RHSA-2023:7222
reference_id RHSA-2023:7222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7222
29
reference_url https://access.redhat.com/errata/RHSA-2024:0719
reference_id RHSA-2024:0719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0719
30
reference_url https://access.redhat.com/errata/RHSA-2024:5955
reference_id RHSA-2024:5955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5955
31
reference_url https://access.redhat.com/errata/RHSA-2024:6044
reference_id RHSA-2024:6044
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6044
fixed_packages
aliases CVE-2022-25883, GHSA-c2qf-rxjj-qqgw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nahx-etfu-qqfq
3
url VCID-wjaq-7np6-z3bk
vulnerability_id VCID-wjaq-7np6-z3bk
summary
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26136
reference_id
reference_type
scores
0
value 0.06371
scoring_system epss
scoring_elements 0.91029
published_at 2026-04-18T12:55:00Z
1
value 0.06371
scoring_system epss
scoring_elements 0.91031
published_at 2026-04-16T12:55:00Z
2
value 0.06371
scoring_system epss
scoring_elements 0.90962
published_at 2026-04-02T12:55:00Z
3
value 0.06371
scoring_system epss
scoring_elements 0.91006
published_at 2026-04-13T12:55:00Z
4
value 0.06371
scoring_system epss
scoring_elements 0.91007
published_at 2026-04-12T12:55:00Z
5
value 0.06371
scoring_system epss
scoring_elements 0.90998
published_at 2026-04-09T12:55:00Z
6
value 0.06371
scoring_system epss
scoring_elements 0.90993
published_at 2026-04-08T12:55:00Z
7
value 0.06371
scoring_system epss
scoring_elements 0.90982
published_at 2026-04-07T12:55:00Z
8
value 0.06371
scoring_system epss
scoring_elements 0.90971
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26136
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136
3
reference_url https://github.com/salesforce/tough-cookie
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie
4
reference_url https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e
5
reference_url https://github.com/salesforce/tough-cookie/issues/282
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://github.com/salesforce/tough-cookie/issues/282
6
reference_url https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3
7
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
10
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
11
reference_url https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2219310
reference_id 2219310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2219310
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/
reference_id 3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/
reference_id 6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26136
reference_id CVE-2023-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26136
16
reference_url https://github.com/advisories/GHSA-72xf-g2v4-qvf3
reference_id GHSA-72xf-g2v4-qvf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72xf-g2v4-qvf3
17
reference_url https://access.redhat.com/errata/RHSA-2023:3998
reference_id RHSA-2023:3998
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3998
18
reference_url https://access.redhat.com/errata/RHSA-2023:5006
reference_id RHSA-2023:5006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5006
19
reference_url https://access.redhat.com/errata/RHSA-2023:5541
reference_id RHSA-2023:5541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5541
20
reference_url https://access.redhat.com/errata/RHSA-2023:5542
reference_id RHSA-2023:5542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5542
21
reference_url https://access.redhat.com/errata/RHSA-2023:7222
reference_id RHSA-2023:7222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7222
22
reference_url https://access.redhat.com/errata/RHSA-2024:8676
reference_id RHSA-2024:8676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8676
23
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
24
reference_url https://access.redhat.com/errata/RHSA-2025:0164
reference_id RHSA-2025:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0164
25
reference_url https://access.redhat.com/errata/RHSA-2025:0323
reference_id RHSA-2025:0323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0323
fixed_packages
aliases CVE-2023-26136, GHSA-72xf-g2v4-qvf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjaq-7np6-z3bk
4
url VCID-zxsk-ucu6-73h1
vulnerability_id VCID-zxsk-ucu6-73h1
summary eap-7: heap exhaustion via deserialization
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3171
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39658
published_at 2026-04-02T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.3968
published_at 2026-04-04T12:55:00Z
2
value 0.0018
scoring_system epss
scoring_elements 0.39598
published_at 2026-04-07T12:55:00Z
3
value 0.0018
scoring_system epss
scoring_elements 0.39652
published_at 2026-04-08T12:55:00Z
4
value 0.0018
scoring_system epss
scoring_elements 0.39666
published_at 2026-04-09T12:55:00Z
5
value 0.0018
scoring_system epss
scoring_elements 0.39676
published_at 2026-04-11T12:55:00Z
6
value 0.0018
scoring_system epss
scoring_elements 0.3964
published_at 2026-04-12T12:55:00Z
7
value 0.0018
scoring_system epss
scoring_elements 0.39624
published_at 2026-04-13T12:55:00Z
8
value 0.0018
scoring_system epss
scoring_elements 0.39675
published_at 2026-04-16T12:55:00Z
9
value 0.0018
scoring_system epss
scoring_elements 0.39646
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3171
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2213639
reference_id 2213639
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2213639
fixed_packages
aliases CVE-2023-3171
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsk-ucu6-73h1
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1%3Farch=el8eap