Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins@2.401.1.1686680404-3?arch=el8
Typerpm
Namespaceredhat
Namejenkins
Version2.401.1.1686680404-3
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-432r-ukuw-4bgt
vulnerability_id VCID-432r-ukuw-4bgt
summary 
Incorrect Authorization
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27903
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20524
published_at 2026-04-21T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20622
published_at 2026-04-09T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.206
published_at 2026-04-12T12:55:00Z
3
value 0.00066
scoring_system epss
scoring_elements 0.20766
published_at 2026-04-04T12:55:00Z
4
value 0.00066
scoring_system epss
scoring_elements 0.20486
published_at 2026-04-07T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20563
published_at 2026-04-08T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.20642
published_at 2026-04-11T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.20529
published_at 2026-04-18T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20532
published_at 2026-04-16T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.20706
published_at 2026-04-02T12:55:00Z
10
value 0.00066
scoring_system epss
scoring_elements 0.20547
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27903
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27903.json
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27903.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/554587b06db553ce35fa362d7a0b0aef33a57afb
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/554587b06db553ce35fa362d7a0b0aef33a57afb
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:49:07Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177632
reference_id 2177632
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177632
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27903
reference_id CVE-2023-27903
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27903
7
reference_url https://github.com/advisories/GHSA-584m-7r4m-8j6v
reference_id GHSA-584m-7r4m-8j6v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-584m-7r4m-8j6v
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
12
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
13
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
14
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
15
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
16
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-27903, GHSA-584m-7r4m-8j6v
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-432r-ukuw-4bgt
1
url VCID-6925-fwf4-f7df
vulnerability_id VCID-6925-fwf4-f7df
summary 
Generation of Error Message Containing Sensitive Information
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
reference_id
reference_type
scores
0
value 0.00495
scoring_system epss
scoring_elements 0.65795
published_at 2026-04-21T12:55:00Z
1
value 0.00495
scoring_system epss
scoring_elements 0.65783
published_at 2026-04-09T12:55:00Z
2
value 0.00495
scoring_system epss
scoring_elements 0.6579
published_at 2026-04-12T12:55:00Z
3
value 0.00495
scoring_system epss
scoring_elements 0.65753
published_at 2026-04-04T12:55:00Z
4
value 0.00495
scoring_system epss
scoring_elements 0.65719
published_at 2026-04-07T12:55:00Z
5
value 0.00495
scoring_system epss
scoring_elements 0.65772
published_at 2026-04-08T12:55:00Z
6
value 0.00495
scoring_system epss
scoring_elements 0.65804
published_at 2026-04-11T12:55:00Z
7
value 0.00495
scoring_system epss
scoring_elements 0.65809
published_at 2026-04-18T12:55:00Z
8
value 0.00495
scoring_system epss
scoring_elements 0.65794
published_at 2026-04-16T12:55:00Z
9
value 0.00495
scoring_system epss
scoring_elements 0.65723
published_at 2026-04-02T12:55:00Z
10
value 0.00495
scoring_system epss
scoring_elements 0.6576
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:51:08Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
reference_id 2177634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
reference_id CVE-2023-27904
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
7
reference_url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
reference_id GHSA-rrgp-c2w8-6vg6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
13
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
14
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
15
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
16
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
17
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-27904, GHSA-rrgp-c2w8-6vg6
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6925-fwf4-f7df
2
url VCID-7k5m-ys11-mfby
vulnerability_id VCID-7k5m-ys11-mfby
summary 
json-smart Uncontrolled Recursion vulnerability
Affected versions of [net.minidev:json-smart](https://github.com/netplex/json-smart-v1) are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.

When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the 3PP does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1370
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02246
published_at 2026-04-18T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02264
published_at 2026-04-08T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02286
published_at 2026-04-09T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02268
published_at 2026-04-11T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02257
published_at 2026-04-12T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02236
published_at 2026-04-16T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02254
published_at 2026-04-13T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02931
published_at 2026-04-07T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.0301
published_at 2026-04-21T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02908
published_at 2026-04-02T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.02923
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1370
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
3
reference_url https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
4
reference_url https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8
5
reference_url https://github.com/netplex/json-smart-v2/issues/137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netplex/json-smart-v2/issues/137
6
reference_url https://github.com/oswaldobapvicjr/jsonmerge
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oswaldobapvicjr/jsonmerge
7
reference_url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633
8
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
10
reference_url https://www.cve.org/CVERecord?id=CVE-2023-1370
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2023-1370
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
reference_id 1033474
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2188542
reference_id 2188542
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2188542
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1370
reference_id CVE-2023-1370
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1370
14
reference_url https://github.com/advisories/GHSA-493p-pfq6-5258
reference_id GHSA-493p-pfq6-5258
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-493p-pfq6-5258
15
reference_url https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258
reference_id GHSA-493p-pfq6-5258
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258
16
reference_url https://access.redhat.com/errata/RHSA-2023:2099
reference_id RHSA-2023:2099
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2099
17
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
18
reference_url https://access.redhat.com/errata/RHSA-2023:3179
reference_id RHSA-2023:3179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3179
19
reference_url https://access.redhat.com/errata/RHSA-2023:3193
reference_id RHSA-2023:3193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3193
20
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
21
reference_url https://access.redhat.com/errata/RHSA-2023:3362
reference_id RHSA-2023:3362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3362
22
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
23
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
24
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
25
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
26
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
27
reference_url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
reference_id stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:09:38Z/
url https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
28
reference_url https://usn.ubuntu.com/6011-1/
reference_id USN-6011-1
reference_type
scores
url https://usn.ubuntu.com/6011-1/
fixed_packages
aliases CVE-2023-1370, GHSA-493p-pfq6-5258
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5m-ys11-mfby
3
url VCID-afh4-nhxq-y3he
vulnerability_id VCID-afh4-nhxq-y3he
summary 
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20860.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20860.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-20860
reference_id
reference_type
scores
0
value 0.56284
scoring_system epss
scoring_elements 0.98118
published_at 2026-04-21T12:55:00Z
1
value 0.56284
scoring_system epss
scoring_elements 0.98099
published_at 2026-04-02T12:55:00Z
2
value 0.56284
scoring_system epss
scoring_elements 0.98103
published_at 2026-04-07T12:55:00Z
3
value 0.56284
scoring_system epss
scoring_elements 0.98108
published_at 2026-04-09T12:55:00Z
4
value 0.56284
scoring_system epss
scoring_elements 0.98113
published_at 2026-04-12T12:55:00Z
5
value 0.56284
scoring_system epss
scoring_elements 0.98114
published_at 2026-04-13T12:55:00Z
6
value 0.56284
scoring_system epss
scoring_elements 0.9812
published_at 2026-04-16T12:55:00Z
7
value 0.56284
scoring_system epss
scoring_elements 0.98122
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-20860
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20860
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/202fa5cdb3a3d0cfe6967e85fa167d978244f28a
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/202fa5cdb3a3d0cfe6967e85fa167d978244f28a
5
reference_url https://security.netapp.com/advisory/ntap-20230505-0006
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230505-0006
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2180528
reference_id 2180528
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2180528
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20860
reference_id CVE-2023-20860
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-20860
8
reference_url https://spring.io/security/cve-2023-20860
reference_id CVE-2023-20860
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T19:05:19Z/
url https://spring.io/security/cve-2023-20860
9
reference_url https://github.com/advisories/GHSA-7phw-cxx7-q9vq
reference_id GHSA-7phw-cxx7-q9vq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7phw-cxx7-q9vq
10
reference_url https://security.netapp.com/advisory/ntap-20230505-0006/
reference_id ntap-20230505-0006
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T19:05:19Z/
url https://security.netapp.com/advisory/ntap-20230505-0006/
11
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
12
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
13
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
14
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
15
reference_url https://access.redhat.com/errata/RHSA-2023:3625
reference_id RHSA-2023:3625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3625
16
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
17
reference_url https://access.redhat.com/errata/RHSA-2023:3771
reference_id RHSA-2023:3771
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3771
18
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
aliases CVE-2023-20860, GHSA-7phw-cxx7-q9vq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afh4-nhxq-y3he
4
url VCID-z3th-j593-m7bg
vulnerability_id VCID-z3th-j593-m7bg
summary 
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-20861
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57658
published_at 2026-04-09T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57653
published_at 2026-04-08T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.576
published_at 2026-04-07T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57625
published_at 2026-04-04T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57604
published_at 2026-04-02T12:55:00Z
5
value 0.00409
scoring_system epss
scoring_elements 0.61275
published_at 2026-04-21T12:55:00Z
6
value 0.00409
scoring_system epss
scoring_elements 0.61283
published_at 2026-04-11T12:55:00Z
7
value 0.00409
scoring_system epss
scoring_elements 0.61269
published_at 2026-04-12T12:55:00Z
8
value 0.00409
scoring_system epss
scoring_elements 0.6125
published_at 2026-04-13T12:55:00Z
9
value 0.00409
scoring_system epss
scoring_elements 0.6129
published_at 2026-04-16T12:55:00Z
10
value 0.00409
scoring_system epss
scoring_elements 0.61295
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-20861
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20861
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20861
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1
5
reference_url https://github.com/spring-projects/spring-framework/commit/52c93b1c4b24d70de233a958e60e7c5822bd274f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/52c93b1c4b24d70de233a958e60e7c5822bd274f
6
reference_url https://github.com/spring-projects/spring-framework/commit/935c29e3ddba5b19951e54f6685c70ed45d9cbe5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/935c29e3ddba5b19951e54f6685c70ed45d9cbe5
7
reference_url https://security.netapp.com/advisory/ntap-20230420-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230420-0007
8
reference_url https://security.netapp.com/advisory/ntap-20230420-0007/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:31:28Z/
url https://security.netapp.com/advisory/ntap-20230420-0007/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2180530
reference_id 2180530
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2180530
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20861
reference_id CVE-2023-20861
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-20861
11
reference_url https://spring.io/security/cve-2023-20861
reference_id CVE-2023-20861
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:31:28Z/
url https://spring.io/security/cve-2023-20861
12
reference_url https://github.com/advisories/GHSA-564r-hj7v-mcr5
reference_id GHSA-564r-hj7v-mcr5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-564r-hj7v-mcr5
13
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
14
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
15
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
16
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
17
reference_url https://access.redhat.com/errata/RHSA-2023:3771
reference_id RHSA-2023:3771
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3771
18
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
19
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-20861, GHSA-564r-hj7v-mcr5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3th-j593-m7bg
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.401.1.1686680404-3%3Farch=el8