Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.13.1706516346-1?arch=el8

Type rpm

Namespace redhat

Name jenkins-2-plugins

Version 4.13.1706516346-1

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-5bu5-5b6n-nuft

vulnerability_id

VCID-5bu5-5b6n-nuft

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24422

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07636
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07494
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07507
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07582
published_at	2026-04-24T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07595
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07607
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0753
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07548
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07589
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07508
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07609
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24422

reference_url

https://github.com/jenkinsci/script-security-plugin

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/script-security-plugin

reference_url

https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73

reference_url

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/

url

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164278
reference_id	2164278
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164278

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24422

reference_id

CVE-2023-24422

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24422

reference_url

https://github.com/advisories/GHSA-76qj-9gwh-pvv3

reference_id

GHSA-76qj-9gwh-pvv3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-76qj-9gwh-pvv3

reference_url	https://access.redhat.com/errata/RHSA-2023:1655
reference_id	RHSA-2023:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1655

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-24422, GHSA-76qj-9gwh-pvv3

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft

url

VCID-955x-hg4a-5kc3

vulnerability_id

VCID-955x-hg4a-5kc3

summary

Session Fixation
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37946.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37946.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37946

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.23922
published_at	2026-04-04T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23881
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27816
published_at	2026-04-16T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27809
published_at	2026-04-13T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27867
published_at	2026-04-12T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27749
published_at	2026-04-21T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27909
published_at	2026-04-11T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27799
published_at	2026-04-07T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27908
published_at	2026-04-09T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27866
published_at	2026-04-08T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27793
published_at	2026-04-18T12:55:00Z

value	0.00103
scoring_system	epss
scoring_elements	0.28047
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37946

reference_url

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:57:26Z/

url

https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998

reference_url

http://www.openwall.com/lists/oss-security/2023/07/12/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:57:26Z/

url

http://www.openwall.com/lists/oss-security/2023/07/12/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2222709
reference_id	2222709
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2222709

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-37946

reference_id

CVE-2023-37946

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-37946

reference_url

https://github.com/advisories/GHSA-rwg5-2pv9-633w

reference_id

GHSA-rwg5-2pv9-633w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rwg5-2pv9-633w

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

fixed_packages

aliases

CVE-2023-37946, GHSA-rwg5-2pv9-633w

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-955x-hg4a-5kc3

url

VCID-j584-bgww-z7fw

vulnerability_id

VCID-j584-bgww-z7fw

summary

Command injection in Apache Maven maven-shared-utils
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29599

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57273
published_at	2026-04-21T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57222
published_at	2026-04-24T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60828
published_at	2026-04-09T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60865
published_at	2026-04-18T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.6086
published_at	2026-04-16T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60817
published_at	2026-04-13T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60836
published_at	2026-04-12T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.6077
published_at	2026-04-02T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.608
published_at	2026-04-04T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60764
published_at	2026-04-07T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60813
published_at	2026-04-08T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.60849
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29599

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/maven-shared-utils

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven-shared-utils

reference_url

https://github.com/apache/maven-shared-utils/pull/40

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven-shared-utils/pull/40

reference_url

https://issues.apache.org/jira/browse/MSHARED-297

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/MSHARED-297

reference_url

https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29599

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29599

reference_url

https://www.debian.org/security/2022/dsa-5242

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5242

reference_url

http://www.openwall.com/lists/oss-security/2022/05/23/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/23/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314
reference_id	1012314
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2066479
reference_id	2066479
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2066479

reference_url

https://security.archlinux.org/AVG-2736

reference_id

AVG-2736

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2736

reference_url

https://github.com/advisories/GHSA-rhgr-952r-6p8q

reference_id

GHSA-rhgr-952r-6p8q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhgr-952r-6p8q

reference_url	https://access.redhat.com/errata/RHSA-2022:1541
reference_id	RHSA-2022:1541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1541

reference_url	https://access.redhat.com/errata/RHSA-2022:1662
reference_id	RHSA-2022:1662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1662

reference_url	https://access.redhat.com/errata/RHSA-2022:4699
reference_id	RHSA-2022:4699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4699

reference_url	https://access.redhat.com/errata/RHSA-2022:4797
reference_id	RHSA-2022:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4797

reference_url	https://access.redhat.com/errata/RHSA-2022:4798
reference_id	RHSA-2022:4798
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4798

reference_url	https://access.redhat.com/errata/RHSA-2022:9098
reference_id	RHSA-2022:9098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9098

reference_url	https://access.redhat.com/errata/RHSA-2023:0573
reference_id	RHSA-2023:0573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0573

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3622
reference_id	RHSA-2023:3622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3622

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://usn.ubuntu.com/6730-1/
reference_id	USN-6730-1
reference_type
scores
url	https://usn.ubuntu.com/6730-1/

fixed_packages

aliases

CVE-2022-29599, GHSA-rhgr-952r-6p8q

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j584-bgww-z7fw

url

VCID-j986-mtma-b3bw

vulnerability_id

VCID-j986-mtma-b3bw

summary

Arbitrary code execution in Apache Commons Text
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

references

reference_url

http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://packetstormsecurity.com/files/171003/OX-App-Suite-Cross-Site-Scripting-Server-Side-Request-Forgery.html

reference_url

http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://packetstormsecurity.com/files/176650/Apache-Commons-Text-1.9-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42889

reference_id

reference_type

scores

value	0.94251
scoring_system	epss
scoring_elements	0.99931
published_at	2026-04-18T12:55:00Z

value	0.94251
scoring_system	epss
scoring_elements	0.99932
published_at	2026-04-24T12:55:00Z

value	0.94251
scoring_system	epss
scoring_elements	0.9993
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42889

reference_url

https://arxiv.org/pdf/2306.05534

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://arxiv.org/pdf/2306.05534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

reference_url

http://seclists.org/fulldisclosure/2023/Feb/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://seclists.org/fulldisclosure/2023/Feb/3

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/commons-text

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/commons-text

reference_url

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

reference_url

https://security.gentoo.org/glsa/202301-05

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://security.gentoo.org/glsa/202301-05

reference_url

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text

reference_url

https://security.netapp.com/advisory/ntap-20221020-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221020-0004

reference_url

https://security.netapp.com/advisory/ntap-20221020-0004/

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

https://security.netapp.com/advisory/ntap-20221020-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/10/13/4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://www.openwall.com/lists/oss-security/2022/10/13/4

reference_url

http://www.openwall.com/lists/oss-security/2022/10/18/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-24T16:22:10Z/

url

http://www.openwall.com/lists/oss-security/2022/10/18/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787
reference_id	1021787
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021787

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135435
reference_id	2135435
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135435

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py
reference_id	CVE-2022-42889
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52261.py

reference_url

https://github.com/advisories/GHSA-599f-7c49-w659

reference_id

GHSA-599f-7c49-w659

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-599f-7c49-w659

reference_url	https://access.redhat.com/errata/RHSA-2022:8652
reference_id	RHSA-2022:8652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8652

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2022:8902
reference_id	RHSA-2022:8902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8902

reference_url	https://access.redhat.com/errata/RHSA-2022:9023
reference_id	RHSA-2022:9023
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9023

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:0469
reference_id	RHSA-2023:0469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0469

reference_url	https://access.redhat.com/errata/RHSA-2023:1006
reference_id	RHSA-2023:1006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1006

reference_url	https://access.redhat.com/errata/RHSA-2023:1524
reference_id	RHSA-2023:1524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1524

reference_url	https://access.redhat.com/errata/RHSA-2023:1655
reference_id	RHSA-2023:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1655

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

fixed_packages

aliases

CVE-2022-42889, GHSA-599f-7c49-w659

risk_score

10.0

exploitability

2.0

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j986-mtma-b3bw

url

VCID-m3g5-ua28-afd2

vulnerability_id

VCID-m3g5-ua28-afd2

summary

Origin Validation Error in Apache Maven
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26291.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26291

reference_id

reference_type

scores

value	0.46101
scoring_system	epss
scoring_elements	0.97648
published_at	2026-04-24T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97649
published_at	2026-04-21T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97646
published_at	2026-04-16T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97639
published_at	2026-04-13T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97617
published_at	2026-04-01T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97623
published_at	2026-04-02T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97626
published_at	2026-04-07T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97625
published_at	2026-04-04T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97638
published_at	2026-04-12T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97635
published_at	2026-04-11T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97633
published_at	2026-04-09T12:55:00Z

value	0.46101
scoring_system	epss
scoring_elements	0.97631
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26291

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/maven

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven

reference_url

https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven/commit/899465aeec03753ea91e15a79579eab76369c016

reference_url

https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/maven/commit/fa79cb22e456cc65522b5bab8c4240fe08c5775f

reference_url

https://issues.apache.org/jira/browse/MNG-7116

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/MNG-7116

reference_url

https://issues.apache.org/jira/browse/MNG-7117

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/MNG-7117

reference_url

https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c@%3Cdev.maven.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c@%3Cdev.maven.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381@%3Cdev.jena.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381@%3Cdev.jena.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a@%3Ccommits.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a@%3Ccommits.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002@%3Ccommits.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002@%3Ccommits.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00@%3Cusers.maven.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00@%3Cusers.maven.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457@%3Cdev.jena.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457@%3Cdev.jena.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a@%3Ccommits.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a@%3Ccommits.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E

reference_url

https://maven.apache.org/docs/3.8.1/release-notes.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://maven.apache.org/docs/3.8.1/release-notes.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26291

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26291

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291

reference_url	https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/
reference_id
reference_type
scores
url	https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/

reference_url

http://www.openwall.com/lists/oss-security/2021/04/23/5

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/04/23/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1955739
reference_id	1955739
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1955739

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988155
reference_id	988155
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988155

reference_url

https://security.archlinux.org/AVG-1863

reference_id

AVG-1863

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1863

reference_url

https://github.com/advisories/GHSA-2f88-5hg8-9x2x

reference_id

GHSA-2f88-5hg8-9x2x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2f88-5hg8-9x2x

reference_url	https://access.redhat.com/errata/RHSA-2021:3880
reference_id	RHSA-2021:3880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3880

reference_url	https://access.redhat.com/errata/RHSA-2022:1013
reference_id	RHSA-2022:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1013

reference_url	https://access.redhat.com/errata/RHSA-2022:1029
reference_id	RHSA-2022:1029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1029

reference_url	https://access.redhat.com/errata/RHSA-2023:1334
reference_id	RHSA-2023:1334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1334

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://usn.ubuntu.com/5805-1/
reference_id	USN-5805-1
reference_type
scores
url	https://usn.ubuntu.com/5805-1/

reference_url	https://usn.ubuntu.com/USN-5245-1/
reference_id	USN-USN-5245-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5245-1/

fixed_packages

aliases

CVE-2021-26291, GHSA-2f88-5hg8-9x2x

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-m3g5-ua28-afd2

url

VCID-mm3e-4pej-byed

vulnerability_id

VCID-mm3e-4pej-byed

summary

Uncontrolled Resource Consumption in snakeyaml
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25857

reference_id

reference_type

scores

value	0.00869
scoring_system	epss
scoring_elements	0.75244
published_at	2026-04-24T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75173
published_at	2026-04-13T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75206
published_at	2026-04-21T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75216
published_at	2026-04-18T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.7521
published_at	2026-04-16T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75207
published_at	2026-04-11T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75132
published_at	2026-04-02T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75162
published_at	2026-04-04T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75139
published_at	2026-04-07T12:55:00Z

value	0.00869
scoring_system	epss
scoring_elements	0.75185
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25857

reference_url

https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174

reference_url

https://bitbucket.org/snakeyaml/snakeyaml/issues/525

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/snakeyaml/snakeyaml/issues/525

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/jruby/jruby/issues/7342

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/jruby/jruby/issues/7342

reference_url

https://github.com/snakeyaml/snakeyaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/snakeyaml/snakeyaml

reference_url

https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

reference_url

https://security.netapp.com/advisory/ntap-20240315-0010

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240315-0010

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218
reference_id	1019218
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2126789
reference_id	2126789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2126789

reference_url

https://github.com/advisories/GHSA-3mc7-4q67-w48m

reference_id

GHSA-3mc7-4q67-w48m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3mc7-4q67-w48m

reference_url	https://access.redhat.com/errata/RHSA-2022:6757
reference_id	RHSA-2022:6757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6757

reference_url	https://access.redhat.com/errata/RHSA-2022:6820
reference_id	RHSA-2022:6820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6820

reference_url	https://access.redhat.com/errata/RHSA-2022:6821
reference_id	RHSA-2022:6821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6821

reference_url	https://access.redhat.com/errata/RHSA-2022:6822
reference_id	RHSA-2022:6822
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6822

reference_url	https://access.redhat.com/errata/RHSA-2022:6823
reference_id	RHSA-2022:6823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6823

reference_url	https://access.redhat.com/errata/RHSA-2022:6825
reference_id	RHSA-2022:6825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6825

reference_url	https://access.redhat.com/errata/RHSA-2022:6835
reference_id	RHSA-2022:6835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6835

reference_url	https://access.redhat.com/errata/RHSA-2022:6941
reference_id	RHSA-2022:6941
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6941

reference_url	https://access.redhat.com/errata/RHSA-2022:8524
reference_id	RHSA-2022:8524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8524

reference_url	https://access.redhat.com/errata/RHSA-2022:8652
reference_id	RHSA-2022:8652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8652

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2023:0560
reference_id	RHSA-2023:0560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0560

reference_url	https://access.redhat.com/errata/RHSA-2023:0777
reference_id	RHSA-2023:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0777

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

reference_url	https://access.redhat.com/errata/RHSA-2023:4983
reference_id	RHSA-2023:4983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4983

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2023:7697
reference_id	RHSA-2023:7697
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7697

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2025:4437
reference_id	RHSA-2025:4437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4437

reference_url	https://usn.ubuntu.com/5944-1/
reference_id	USN-5944-1
reference_type
scores
url	https://usn.ubuntu.com/5944-1/

fixed_packages

aliases

CVE-2022-25857, GHSA-3mc7-4q67-w48m

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-mm3e-4pej-byed

url

VCID-quvj-3tpk-qug1

vulnerability_id

VCID-quvj-3tpk-qug1

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25761

reference_id

reference_type

scores

value	0.0175
scoring_system	epss
scoring_elements	0.82618
published_at	2026-04-24T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82557
published_at	2026-04-13T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82593
published_at	2026-04-18T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82521
published_at	2026-04-04T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82517
published_at	2026-04-07T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82543
published_at	2026-04-08T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82551
published_at	2026-04-09T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82569
published_at	2026-04-11T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82562
published_at	2026-04-12T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82503
published_at	2026-04-02T12:55:00Z

value	0.0175
scoring_system	epss
scoring_elements	0.82597
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25761

reference_url

https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02

reference_url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/

url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032

reference_url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/

url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170039
reference_id	2170039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170039

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25761

reference_id

CVE-2023-25761

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25761

reference_url

https://github.com/advisories/GHSA-ph74-8rgx-64c5

reference_id

GHSA-ph74-8rgx-64c5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ph74-8rgx-64c5

reference_url	https://access.redhat.com/errata/RHSA-2023:1866
reference_id	RHSA-2023:1866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1866

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-25761, GHSA-ph74-8rgx-64c5

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-quvj-3tpk-qug1

url

VCID-zxcj-h6nx-m7gq

vulnerability_id

VCID-zxcj-h6nx-m7gq

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25762

reference_id

reference_type

scores

value	0.6532
scoring_system	epss
scoring_elements	0.98497
published_at	2026-04-24T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98474
published_at	2026-04-02T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98477
published_at	2026-04-04T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98478
published_at	2026-04-07T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98482
published_at	2026-04-08T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98483
published_at	2026-04-09T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98486
published_at	2026-04-11T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98485
published_at	2026-04-13T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98492
published_at	2026-04-18T12:55:00Z

value	0.6532
scoring_system	epss
scoring_elements	0.98493
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25762

reference_url

https://github.com/jenkinsci/pipeline-build-step-plugin

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-build-step-plugin

reference_url

https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/pipeline-build-step-plugin/commit/0eaf88a695244ddb69d16c11b96659167dbead92

reference_url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/

url

https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019

reference_url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T18:48:31Z/

url

http://www.openwall.com/lists/oss-security/2023/02/15/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170041
reference_id	2170041
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170041

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25762

reference_id

CVE-2023-25762

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25762

reference_url

https://github.com/advisories/GHSA-9j65-3f2q-8q2r

reference_id

GHSA-9j65-3f2q-8q2r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9j65-3f2q-8q2r

reference_url	https://access.redhat.com/errata/RHSA-2023:1866
reference_id	RHSA-2023:1866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1866

reference_url	https://access.redhat.com/errata/RHSA-2023:3195
reference_id	RHSA-2023:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3195

reference_url	https://access.redhat.com/errata/RHSA-2023:3198
reference_id	RHSA-2023:3198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3198

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6171
reference_id	RHSA-2023:6171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6171

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2023:6179
reference_id	RHSA-2023:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6179

reference_url	https://access.redhat.com/errata/RHSA-2023:7288
reference_id	RHSA-2023:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7288

reference_url	https://access.redhat.com/errata/RHSA-2024:0775
reference_id	RHSA-2024:0775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0775

reference_url	https://access.redhat.com/errata/RHSA-2024:0776
reference_id	RHSA-2024:0776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0776

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

aliases

CVE-2023-25762, GHSA-9j65-3f2q-8q2r

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcj-h6nx-m7gq

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.13.1706516346-1%3Farch=el8

Package Instance