Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1?arch=el8
Typerpm
Namespaceredhat
Namejenkins-2-plugins
Version4.12.1686649756-1
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4qvq-xv22-xbed
vulnerability_id VCID-4qvq-xv22-xbed
summary 
Missing Authorization
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30954.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30954.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-30954
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.40224
published_at 2026-04-04T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.402
published_at 2026-04-02T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41654
published_at 2026-04-24T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.4174
published_at 2026-04-07T12:55:00Z
4
value 0.00197
scoring_system epss
scoring_elements 0.4179
published_at 2026-04-12T12:55:00Z
5
value 0.00197
scoring_system epss
scoring_elements 0.418
published_at 2026-04-18T12:55:00Z
6
value 0.00197
scoring_system epss
scoring_elements 0.41823
published_at 2026-04-11T12:55:00Z
7
value 0.00197
scoring_system epss
scoring_elements 0.41777
published_at 2026-04-13T12:55:00Z
8
value 0.00197
scoring_system epss
scoring_elements 0.41826
published_at 2026-04-16T12:55:00Z
9
value 0.00197
scoring_system epss
scoring_elements 0.41728
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-30954
2
reference_url https://github.com/jenkinsci/blueocean-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin
3
reference_url https://github.com/jenkinsci/blueocean-plugin/commit/ffd89b675b172c86613459935fe220dc2bba0c57
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin/commit/ffd89b675b172c86613459935fe220dc2bba0c57
4
reference_url https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502
5
reference_url http://www.openwall.com/lists/oss-security/2022/05/17/8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/17/8
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119647
reference_id 2119647
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119647
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-30954
reference_id CVE-2022-30954
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-30954
8
reference_url https://github.com/advisories/GHSA-5m4q-x28v-q6wp
reference_id GHSA-5m4q-x28v-q6wp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5m4q-x28v-q6wp
9
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
10
reference_url https://access.redhat.com/errata/RHSA-2023:0560
reference_id RHSA-2023:0560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0560
11
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
12
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
13
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
14
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
fixed_packages
aliases CVE-2022-30954, GHSA-5m4q-x28v-q6wp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qvq-xv22-xbed
1
url VCID-5bu5-5b6n-nuft
vulnerability_id VCID-5bu5-5b6n-nuft
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24422.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24422
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07636
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07494
published_at 2026-04-18T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07507
published_at 2026-04-16T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07582
published_at 2026-04-24T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07595
published_at 2026-04-12T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07607
published_at 2026-04-11T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.0753
published_at 2026-04-07T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07548
published_at 2026-04-04T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07589
published_at 2026-04-08T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07508
published_at 2026-04-02T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07609
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24422
2
reference_url https://github.com/jenkinsci/script-security-plugin
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin
3
reference_url https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
4
reference_url https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-02T14:29:50Z/
url https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164278
reference_id 2164278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164278
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24422
reference_id CVE-2023-24422
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24422
7
reference_url https://github.com/advisories/GHSA-76qj-9gwh-pvv3
reference_id GHSA-76qj-9gwh-pvv3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76qj-9gwh-pvv3
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
16
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
17
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
18
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
19
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
20
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-24422, GHSA-76qj-9gwh-pvv3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu5-5b6n-nuft
2
url VCID-7k5m-ys11-mfby
vulnerability_id VCID-7k5m-ys11-mfby
summary 
json-smart Uncontrolled Recursion vulnerability
Affected versions of [net.minidev:json-smart](https://github.com/netplex/json-smart-v1) are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.

When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the 3PP does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1370
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02286
published_at 2026-04-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02246
published_at 2026-04-18T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02236
published_at 2026-04-16T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02254
published_at 2026-04-13T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02257
published_at 2026-04-12T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02268
published_at 2026-04-11T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02264
published_at 2026-04-08T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.0301
published_at 2026-04-21T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02923
published_at 2026-04-04T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02908
published_at 2026-04-02T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03005
published_at 2026-04-24T12:55:00Z
11
value 0.00015
scoring_system epss
scoring_elements 0.02931
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1370
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
3
reference_url https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
4
reference_url https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8
5
reference_url https://github.com/netplex/json-smart-v2/issues/137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/issues/137
6
reference_url https://github.com/oswaldobapvicjr/jsonmerge
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oswaldobapvicjr/jsonmerge
7
reference_url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633
8
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
10
reference_url https://www.cve.org/CVERecord?id=CVE-2023-1370
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2023-1370
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
reference_id 1033474
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2188542
reference_id 2188542
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2188542
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1370
reference_id CVE-2023-1370
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1370
14
reference_url https://github.com/advisories/GHSA-493p-pfq6-5258
reference_id GHSA-493p-pfq6-5258
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-493p-pfq6-5258
15
reference_url https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258
reference_id GHSA-493p-pfq6-5258
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258
16
reference_url https://access.redhat.com/errata/RHSA-2023:2099
reference_id RHSA-2023:2099
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2099
17
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
18
reference_url https://access.redhat.com/errata/RHSA-2023:3179
reference_id RHSA-2023:3179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3179
19
reference_url https://access.redhat.com/errata/RHSA-2023:3193
reference_id RHSA-2023:3193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3193
20
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
21
reference_url https://access.redhat.com/errata/RHSA-2023:3362
reference_id RHSA-2023:3362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3362
22
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
23
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
24
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
25
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
26
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
27
reference_url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
reference_id stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:09:38Z/
url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
28
reference_url https://usn.ubuntu.com/6011-1/
reference_id USN-6011-1
reference_type
scores
url https://usn.ubuntu.com/6011-1/
fixed_packages
aliases CVE-2023-1370, GHSA-493p-pfq6-5258
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5m-ys11-mfby
3
url VCID-j584-bgww-z7fw
vulnerability_id VCID-j584-bgww-z7fw
summary 
Command injection in Apache Maven maven-shared-utils
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29599
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.57273
published_at 2026-04-21T12:55:00Z
1
value 0.00346
scoring_system epss
scoring_elements 0.57222
published_at 2026-04-24T12:55:00Z
2
value 0.00402
scoring_system epss
scoring_elements 0.60828
published_at 2026-04-09T12:55:00Z
3
value 0.00402
scoring_system epss
scoring_elements 0.60865
published_at 2026-04-18T12:55:00Z
4
value 0.00402
scoring_system epss
scoring_elements 0.6086
published_at 2026-04-16T12:55:00Z
5
value 0.00402
scoring_system epss
scoring_elements 0.60817
published_at 2026-04-13T12:55:00Z
6
value 0.00402
scoring_system epss
scoring_elements 0.60836
published_at 2026-04-12T12:55:00Z
7
value 0.00402
scoring_system epss
scoring_elements 0.6077
published_at 2026-04-02T12:55:00Z
8
value 0.00402
scoring_system epss
scoring_elements 0.608
published_at 2026-04-04T12:55:00Z
9
value 0.00402
scoring_system epss
scoring_elements 0.60764
published_at 2026-04-07T12:55:00Z
10
value 0.00402
scoring_system epss
scoring_elements 0.60813
published_at 2026-04-08T12:55:00Z
11
value 0.00402
scoring_system epss
scoring_elements 0.60849
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29599
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29599
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/maven-shared-utils
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/maven-shared-utils
5
reference_url https://github.com/apache/maven-shared-utils/pull/40
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/maven-shared-utils/pull/40
6
reference_url https://issues.apache.org/jira/browse/MSHARED-297
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/MSHARED-297
7
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29599
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29599
9
reference_url https://www.debian.org/security/2022/dsa-5242
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5242
10
reference_url http://www.openwall.com/lists/oss-security/2022/05/23/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/23/3
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314
reference_id 1012314
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2066479
reference_id 2066479
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2066479
13
reference_url https://security.archlinux.org/AVG-2736
reference_id AVG-2736
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2736
14
reference_url https://github.com/advisories/GHSA-rhgr-952r-6p8q
reference_id GHSA-rhgr-952r-6p8q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhgr-952r-6p8q
15
reference_url https://access.redhat.com/errata/RHSA-2022:1541
reference_id RHSA-2022:1541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1541
16
reference_url https://access.redhat.com/errata/RHSA-2022:1662
reference_id RHSA-2022:1662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1662
17
reference_url https://access.redhat.com/errata/RHSA-2022:4699
reference_id RHSA-2022:4699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4699
18
reference_url https://access.redhat.com/errata/RHSA-2022:4797
reference_id RHSA-2022:4797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4797
19
reference_url https://access.redhat.com/errata/RHSA-2022:4798
reference_id RHSA-2022:4798
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4798
20
reference_url https://access.redhat.com/errata/RHSA-2022:9098
reference_id RHSA-2022:9098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9098
21
reference_url https://access.redhat.com/errata/RHSA-2023:0573
reference_id RHSA-2023:0573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0573
22
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
23
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
24
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
25
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
26
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
27
reference_url https://access.redhat.com/errata/RHSA-2023:6179
reference_id RHSA-2023:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6179
28
reference_url https://access.redhat.com/errata/RHSA-2023:7288
reference_id RHSA-2023:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7288
29
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
30
reference_url https://access.redhat.com/errata/RHSA-2024:0776
reference_id RHSA-2024:0776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0776
31
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
32
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
33
reference_url https://usn.ubuntu.com/6730-1/
reference_id USN-6730-1
reference_type
scores
url https://usn.ubuntu.com/6730-1/
fixed_packages
aliases CVE-2022-29599, GHSA-rhgr-952r-6p8q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j584-bgww-z7fw
4
url VCID-myp4-24sf-9yfv
vulnerability_id VCID-myp4-24sf-9yfv
summary 
Jettison memory exhaustion
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40150
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20276
published_at 2026-04-21T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.20277
published_at 2026-04-18T12:55:00Z
2
value 0.00065
scoring_system epss
scoring_elements 0.20272
published_at 2026-04-16T12:55:00Z
3
value 0.00065
scoring_system epss
scoring_elements 0.20284
published_at 2026-04-13T12:55:00Z
4
value 0.00065
scoring_system epss
scoring_elements 0.20343
published_at 2026-04-12T12:55:00Z
5
value 0.00065
scoring_system epss
scoring_elements 0.20388
published_at 2026-04-11T12:55:00Z
6
value 0.00065
scoring_system epss
scoring_elements 0.20358
published_at 2026-04-09T12:55:00Z
7
value 0.00065
scoring_system epss
scoring_elements 0.20299
published_at 2026-04-08T12:55:00Z
8
value 0.00065
scoring_system epss
scoring_elements 0.20219
published_at 2026-04-07T12:55:00Z
9
value 0.00065
scoring_system epss
scoring_elements 0.20493
published_at 2026-04-04T12:55:00Z
10
value 0.00065
scoring_system epss
scoring_elements 0.2043
published_at 2026-04-02T12:55:00Z
11
value 0.00069
scoring_system epss
scoring_elements 0.21086
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40150
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/jettison-json/jettison
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jettison-json/jettison
9
reference_url https://github.com/jettison-json/jettison/issues/45
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/
url https://github.com/jettison-json/jettison/issues/45
10
reference_url https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/
url https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40150
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40150
12
reference_url https://www.debian.org/security/2023/dsa-5312
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/
url https://www.debian.org/security/2023/dsa-5312
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553
reference_id 1022553
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135770
reference_id 2135770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135770
15
reference_url https://github.com/advisories/GHSA-x27m-9w8j-5vcw
reference_id GHSA-x27m-9w8j-5vcw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x27m-9w8j-5vcw
16
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
17
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
18
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
19
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
20
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
21
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
22
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
23
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
24
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
25
reference_url https://access.redhat.com/errata/RHSA-2025:4437
reference_id RHSA-2025:4437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4437
26
reference_url https://usn.ubuntu.com/6177-1/
reference_id USN-6177-1
reference_type
scores
url https://usn.ubuntu.com/6177-1/
fixed_packages
aliases CVE-2022-40150, GHSA-x27m-9w8j-5vcw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myp4-24sf-9yfv
5
url VCID-sqx4-euc2-myew
vulnerability_id VCID-sqx4-euc2-myew
summary 
Jettison parser crash by stackoverflow
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40149
reference_id
reference_type
scores
0
value 0.0055
scoring_system epss
scoring_elements 0.68015
published_at 2026-04-24T12:55:00Z
1
value 0.0055
scoring_system epss
scoring_elements 0.67972
published_at 2026-04-21T12:55:00Z
2
value 0.0055
scoring_system epss
scoring_elements 0.6799
published_at 2026-04-18T12:55:00Z
3
value 0.0055
scoring_system epss
scoring_elements 0.67901
published_at 2026-04-02T12:55:00Z
4
value 0.0055
scoring_system epss
scoring_elements 0.6795
published_at 2026-04-08T12:55:00Z
5
value 0.0055
scoring_system epss
scoring_elements 0.67899
published_at 2026-04-07T12:55:00Z
6
value 0.0055
scoring_system epss
scoring_elements 0.6792
published_at 2026-04-04T12:55:00Z
7
value 0.0055
scoring_system epss
scoring_elements 0.67977
published_at 2026-04-16T12:55:00Z
8
value 0.0055
scoring_system epss
scoring_elements 0.67939
published_at 2026-04-13T12:55:00Z
9
value 0.0055
scoring_system epss
scoring_elements 0.67974
published_at 2026-04-12T12:55:00Z
10
value 0.0055
scoring_system epss
scoring_elements 0.67988
published_at 2026-04-11T12:55:00Z
11
value 0.0055
scoring_system epss
scoring_elements 0.67964
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40149
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
7
reference_url https://github.com/jettison-json/jettison
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jettison-json/jettison
8
reference_url https://github.com/jettison-json/jettison/issues/45
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/
url https://github.com/jettison-json/jettison/issues/45
9
reference_url https://github.com/jettison-json/jettison/pull/49/files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jettison-json/jettison/pull/49/files
10
reference_url https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
11
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
12
reference_url https://www.debian.org/security/2023/dsa-5312
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/
url https://www.debian.org/security/2023/dsa-5312
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554
reference_id 1022554
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135771
reference_id 2135771
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135771
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40149
reference_id CVE-2022-40149
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40149
16
reference_url https://github.com/advisories/GHSA-56h3-78gp-v83r
reference_id GHSA-56h3-78gp-v83r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56h3-78gp-v83r
17
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
18
reference_url https://access.redhat.com/errata/RHSA-2023:0544
reference_id RHSA-2023:0544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0544
19
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
20
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
21
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
22
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
23
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
24
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
25
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
26
reference_url https://access.redhat.com/errata/RHSA-2025:4437
reference_id RHSA-2025:4437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4437
27
reference_url https://usn.ubuntu.com/6177-1/
reference_id USN-6177-1
reference_type
scores
url https://usn.ubuntu.com/6177-1/
fixed_packages
aliases CVE-2022-40149, GHSA-56h3-78gp-v83r
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqx4-euc2-myew
6
url VCID-v9jp-s75d-zffs
vulnerability_id VCID-v9jp-s75d-zffs
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32977
reference_id
reference_type
scores
0
value 0.03706
scoring_system epss
scoring_elements 0.87991
published_at 2026-04-24T12:55:00Z
1
value 0.03706
scoring_system epss
scoring_elements 0.8797
published_at 2026-04-11T12:55:00Z
2
value 0.03706
scoring_system epss
scoring_elements 0.87932
published_at 2026-04-07T12:55:00Z
3
value 0.03706
scoring_system epss
scoring_elements 0.87952
published_at 2026-04-08T12:55:00Z
4
value 0.03706
scoring_system epss
scoring_elements 0.87959
published_at 2026-04-09T12:55:00Z
5
value 0.03706
scoring_system epss
scoring_elements 0.87974
published_at 2026-04-21T12:55:00Z
6
value 0.03706
scoring_system epss
scoring_elements 0.87975
published_at 2026-04-18T12:55:00Z
7
value 0.03706
scoring_system epss
scoring_elements 0.87915
published_at 2026-04-02T12:55:00Z
8
value 0.03706
scoring_system epss
scoring_elements 0.87961
published_at 2026-04-13T12:55:00Z
9
value 0.03706
scoring_system epss
scoring_elements 0.87962
published_at 2026-04-12T12:55:00Z
10
value 0.03706
scoring_system epss
scoring_elements 0.87928
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32977
2
reference_url https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821
3
reference_url https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:05:56Z/
url https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2207830
reference_id 2207830
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2207830
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32977
reference_id CVE-2023-32977
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32977
6
reference_url https://github.com/advisories/GHSA-2wvv-phhw-qvmc
reference_id GHSA-2wvv-phhw-qvmc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2wvv-phhw-qvmc
7
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
8
reference_url https://access.redhat.com/errata/RHSA-2023:3625
reference_id RHSA-2023:3625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3625
9
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
aliases CVE-2023-32977, GHSA-2wvv-phhw-qvmc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9jp-s75d-zffs
7
url VCID-wp9q-eurd-43dx
vulnerability_id VCID-wp9q-eurd-43dx
summary 
Jettison Out-of-bounds Write vulnerability
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45693.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45693.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45693
reference_id
reference_type
scores
0
value 0.00131
scoring_system epss
scoring_elements 0.32569
published_at 2026-04-07T12:55:00Z
1
value 0.00131
scoring_system epss
scoring_elements 0.32607
published_at 2026-04-12T12:55:00Z
2
value 0.00131
scoring_system epss
scoring_elements 0.32645
published_at 2026-04-11T12:55:00Z
3
value 0.00131
scoring_system epss
scoring_elements 0.32642
published_at 2026-04-09T12:55:00Z
4
value 0.00131
scoring_system epss
scoring_elements 0.32617
published_at 2026-04-08T12:55:00Z
5
value 0.00131
scoring_system epss
scoring_elements 0.32713
published_at 2026-04-02T12:55:00Z
6
value 0.00131
scoring_system epss
scoring_elements 0.32748
published_at 2026-04-04T12:55:00Z
7
value 0.00131
scoring_system epss
scoring_elements 0.32579
published_at 2026-04-13T12:55:00Z
8
value 0.00139
scoring_system epss
scoring_elements 0.34071
published_at 2026-04-21T12:55:00Z
9
value 0.00139
scoring_system epss
scoring_elements 0.34107
published_at 2026-04-18T12:55:00Z
10
value 0.00139
scoring_system epss
scoring_elements 0.3412
published_at 2026-04-16T12:55:00Z
11
value 0.00139
scoring_system epss
scoring_elements 0.33698
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45693
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/jettison-json/jettison
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jettison-json/jettison
8
reference_url https://github.com/jettison-json/jettison/issues/52
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:58:02Z/
url https://github.com/jettison-json/jettison/issues/52
9
reference_url https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:58:02Z/
url https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45693
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45693
11
reference_url https://www.debian.org/security/2023/dsa-5312
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T14:58:02Z/
url https://www.debian.org/security/2023/dsa-5312
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2155970
reference_id 2155970
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2155970
13
reference_url https://github.com/advisories/GHSA-grr4-wv38-f68w
reference_id GHSA-grr4-wv38-f68w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-grr4-wv38-f68w
14
reference_url https://access.redhat.com/errata/RHSA-2023:0544
reference_id RHSA-2023:0544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0544
15
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
16
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
17
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
18
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
19
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
20
reference_url https://access.redhat.com/errata/RHSA-2024:1027
reference_id RHSA-2024:1027
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1027
21
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
22
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
23
reference_url https://usn.ubuntu.com/6177-1/
reference_id USN-6177-1
reference_type
scores
url https://usn.ubuntu.com/6177-1/
fixed_packages
aliases CVE-2022-45693, GHSA-grr4-wv38-f68w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wp9q-eurd-43dx
8
url VCID-xq5k-dyk9-u3ct
vulnerability_id VCID-xq5k-dyk9-u3ct
summary 
Cross Site Request Forgery in Jenkins Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30953.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-30953
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.24093
published_at 2026-04-02T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.24133
published_at 2026-04-04T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.288
published_at 2026-04-18T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28824
published_at 2026-04-16T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28803
published_at 2026-04-13T12:55:00Z
5
value 0.00107
scoring_system epss
scoring_elements 0.28853
published_at 2026-04-12T12:55:00Z
6
value 0.00107
scoring_system epss
scoring_elements 0.28897
published_at 2026-04-11T12:55:00Z
7
value 0.00107
scoring_system epss
scoring_elements 0.28891
published_at 2026-04-09T12:55:00Z
8
value 0.00107
scoring_system epss
scoring_elements 0.2885
published_at 2026-04-08T12:55:00Z
9
value 0.00107
scoring_system epss
scoring_elements 0.28782
published_at 2026-04-07T12:55:00Z
10
value 0.00107
scoring_system epss
scoring_elements 0.28638
published_at 2026-04-24T12:55:00Z
11
value 0.00107
scoring_system epss
scoring_elements 0.2875
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-30953
2
reference_url https://github.com/jenkinsci/blueocean-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin
3
reference_url https://github.com/jenkinsci/blueocean-plugin/commit/9f44b895d018c514d5dccc1f2190a2a029e58259
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/blueocean-plugin/commit/9f44b895d018c514d5dccc1f2190a2a029e58259
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-30953
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-30953
5
reference_url https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502
6
reference_url http://www.openwall.com/lists/oss-security/2022/05/17/8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/17/8
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119646
reference_id 2119646
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119646
8
reference_url https://github.com/advisories/GHSA-hgpq-42pf-9vfq
reference_id GHSA-hgpq-42pf-9vfq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpq-42pf-9vfq
9
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
10
reference_url https://access.redhat.com/errata/RHSA-2023:0560
reference_id RHSA-2023:0560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0560
11
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
12
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
13
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
14
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
fixed_packages
aliases CVE-2022-30953, GHSA-hgpq-42pf-9vfq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xq5k-dyk9-u3ct
9
url VCID-yph7-zq7p-j3hz
vulnerability_id VCID-yph7-zq7p-j3hz
summary 
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32981
reference_id
reference_type
scores
0
value 0.01044
scoring_system epss
scoring_elements 0.77478
published_at 2026-04-12T12:55:00Z
1
value 0.01044
scoring_system epss
scoring_elements 0.77497
published_at 2026-04-11T12:55:00Z
2
value 0.01044
scoring_system epss
scoring_elements 0.77471
published_at 2026-04-09T12:55:00Z
3
value 0.01044
scoring_system epss
scoring_elements 0.77462
published_at 2026-04-08T12:55:00Z
4
value 0.01044
scoring_system epss
scoring_elements 0.77432
published_at 2026-04-07T12:55:00Z
5
value 0.01044
scoring_system epss
scoring_elements 0.77427
published_at 2026-04-02T12:55:00Z
6
value 0.01044
scoring_system epss
scoring_elements 0.77452
published_at 2026-04-04T12:55:00Z
7
value 0.02338
scoring_system epss
scoring_elements 0.849
published_at 2026-04-24T12:55:00Z
8
value 0.02338
scoring_system epss
scoring_elements 0.84854
published_at 2026-04-13T12:55:00Z
9
value 0.02338
scoring_system epss
scoring_elements 0.84876
published_at 2026-04-16T12:55:00Z
10
value 0.02338
scoring_system epss
scoring_elements 0.84877
published_at 2026-04-18T12:55:00Z
11
value 0.02338
scoring_system epss
scoring_elements 0.84874
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32981
2
reference_url https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11
3
reference_url https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-23T20:48:10Z/
url https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2207835
reference_id 2207835
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2207835
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32981
reference_id CVE-2023-32981
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32981
6
reference_url https://github.com/advisories/GHSA-6987-xccv-fhjp
reference_id GHSA-6987-xccv-fhjp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6987-xccv-fhjp
7
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
8
reference_url https://access.redhat.com/errata/RHSA-2023:3625
reference_id RHSA-2023:3625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3625
9
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
aliases CVE-2023-32981, GHSA-6987-xccv-fhjp
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yph7-zq7p-j3hz
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1%3Farch=el8