Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jenkins@2.387.3.1684911776-3?arch=el8
Typerpm
Namespaceredhat
Namejenkins
Version2.387.3.1684911776-3
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2cup-9gdn-yyhk
vulnerability_id VCID-2cup-9gdn-yyhk
summary 
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46877.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46877.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46877
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48562
published_at 2026-04-04T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48539
published_at 2026-04-02T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48504
published_at 2026-04-01T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52692
published_at 2026-04-21T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52599
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.5265
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52645
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52695
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52679
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52663
published_at 2026-04-13T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52701
published_at 2026-04-16T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52709
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46877
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3328
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T15:58:50Z/
url https://github.com/FasterXML/jackson-databind/issues/3328
7
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12.6
8
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13.1
9
reference_url https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T15:58:50Z/
url https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2185707
reference_id 2185707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2185707
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46877
reference_id CVE-2021-46877
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46877
12
reference_url https://github.com/advisories/GHSA-3x8x-79m2-3w2w
reference_id GHSA-3x8x-79m2-3w2w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x8x-79m2-3w2w
13
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
14
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
15
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
16
reference_url https://access.redhat.com/errata/RHSA-2023:3373
reference_id RHSA-2023:3373
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3373
17
reference_url https://access.redhat.com/errata/RHSA-2023:3610
reference_id RHSA-2023:3610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3610
18
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
19
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
20
reference_url https://access.redhat.com/errata/RHSA-2023:5147
reference_id RHSA-2023:5147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5147
fixed_packages
aliases CVE-2021-46877, GHSA-3x8x-79m2-3w2w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cup-9gdn-yyhk
1
url VCID-56jv-htmt-rkew
vulnerability_id VCID-56jv-htmt-rkew
summary 
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.




Note that, like all of the file upload limits, the
          new configuration option (FileUploadBase#setFileCountMax) is not
          enabled by default and must be explicitly configured.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24998
reference_id
reference_type
scores
0
value 0.36406
scoring_system epss
scoring_elements 0.97133
published_at 2026-04-21T12:55:00Z
1
value 0.36406
scoring_system epss
scoring_elements 0.97128
published_at 2026-04-18T12:55:00Z
2
value 0.36406
scoring_system epss
scoring_elements 0.97125
published_at 2026-04-16T12:55:00Z
3
value 0.36406
scoring_system epss
scoring_elements 0.97117
published_at 2026-04-13T12:55:00Z
4
value 0.36406
scoring_system epss
scoring_elements 0.97116
published_at 2026-04-12T12:55:00Z
5
value 0.49443
scoring_system epss
scoring_elements 0.97782
published_at 2026-04-08T12:55:00Z
6
value 0.49443
scoring_system epss
scoring_elements 0.97788
published_at 2026-04-11T12:55:00Z
7
value 0.49443
scoring_system epss
scoring_elements 0.97786
published_at 2026-04-09T12:55:00Z
8
value 0.49443
scoring_system epss
scoring_elements 0.97779
published_at 2026-04-07T12:55:00Z
9
value 0.49443
scoring_system epss
scoring_elements 0.97777
published_at 2026-04-04T12:55:00Z
10
value 0.49443
scoring_system epss
scoring_elements 0.97775
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24998
2
reference_url https://commons.apache.org/proper/commons-fileupload/security-reports.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://commons.apache.org/proper/commons-fileupload/security-reports.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-fileupload
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload
5
reference_url https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
6
reference_url https://github.com/apache/tomcat/commit/063e2e81ede50c287f737cc8e2915ce7217e886e
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/063e2e81ede50c287f737cc8e2915ce7217e886e
7
reference_url https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
8
reference_url https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
9
reference_url https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
10
reference_url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
11
reference_url https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
12
reference_url https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
13
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
14
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html
15
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-37
16
reference_url https://security.netapp.com/advisory/ntap-20230302-0013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230302-0013
17
reference_url https://security.netapp.com/advisory/ntap-20241108-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241108-0002
18
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
19
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
20
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
21
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
22
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
23
reference_url http://www.openwall.com/lists/oss-security/2023/05/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/05/22/1
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733
reference_id 1031733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172298
reference_id 2172298
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172298
26
reference_url https://security.archlinux.org/AVG-2829
reference_id AVG-2829
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2829
27
reference_url https://security.archlinux.org/AVG-2830
reference_id AVG-2830
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2830
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
reference_id CVE-2023-24998
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24998
reference_id CVE-2023-24998
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24998
30
reference_url https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
reference_id GHSA-hfrx-6qgj-fp6c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
31
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
32
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
33
reference_url https://access.redhat.com/errata/RHSA-2023:4909
reference_id RHSA-2023:4909
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4909
34
reference_url https://access.redhat.com/errata/RHSA-2023:4910
reference_id RHSA-2023:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4910
35
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
36
reference_url https://access.redhat.com/errata/RHSA-2023:6570
reference_id RHSA-2023:6570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6570
37
reference_url https://access.redhat.com/errata/RHSA-2023:7065
reference_id RHSA-2023:7065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7065
fixed_packages
aliases CVE-2023-24998, GHSA-hfrx-6qgj-fp6c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56jv-htmt-rkew
2
url VCID-6925-fwf4-f7df
vulnerability_id VCID-6925-fwf4-f7df
summary 
Generation of Error Message Containing Sensitive Information
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
reference_id
reference_type
scores
0
value 0.00495
scoring_system epss
scoring_elements 0.65795
published_at 2026-04-21T12:55:00Z
1
value 0.00495
scoring_system epss
scoring_elements 0.65783
published_at 2026-04-09T12:55:00Z
2
value 0.00495
scoring_system epss
scoring_elements 0.6579
published_at 2026-04-12T12:55:00Z
3
value 0.00495
scoring_system epss
scoring_elements 0.65753
published_at 2026-04-04T12:55:00Z
4
value 0.00495
scoring_system epss
scoring_elements 0.65719
published_at 2026-04-07T12:55:00Z
5
value 0.00495
scoring_system epss
scoring_elements 0.65772
published_at 2026-04-08T12:55:00Z
6
value 0.00495
scoring_system epss
scoring_elements 0.65804
published_at 2026-04-11T12:55:00Z
7
value 0.00495
scoring_system epss
scoring_elements 0.65809
published_at 2026-04-18T12:55:00Z
8
value 0.00495
scoring_system epss
scoring_elements 0.65794
published_at 2026-04-16T12:55:00Z
9
value 0.00495
scoring_system epss
scoring_elements 0.65723
published_at 2026-04-02T12:55:00Z
10
value 0.00495
scoring_system epss
scoring_elements 0.6576
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27904
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27904.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/40663588eea4ac953209bd8845b6b880792f92cc
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:51:08Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
reference_id 2177634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177634
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
reference_id CVE-2023-27904
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27904
7
reference_url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
reference_id GHSA-rrgp-c2w8-6vg6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrgp-c2w8-6vg6
8
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
9
reference_url https://access.redhat.com/errata/RHSA-2023:3195
reference_id RHSA-2023:3195
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3195
10
reference_url https://access.redhat.com/errata/RHSA-2023:3198
reference_id RHSA-2023:3198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3198
11
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
12
reference_url https://access.redhat.com/errata/RHSA-2023:3622
reference_id RHSA-2023:3622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3622
13
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
14
reference_url https://access.redhat.com/errata/RHSA-2023:6171
reference_id RHSA-2023:6171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6171
15
reference_url https://access.redhat.com/errata/RHSA-2023:6172
reference_id RHSA-2023:6172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6172
16
reference_url https://access.redhat.com/errata/RHSA-2024:0775
reference_id RHSA-2024:0775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0775
17
reference_url https://access.redhat.com/errata/RHSA-2024:0778
reference_id RHSA-2024:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0778
fixed_packages
aliases CVE-2023-27904, GHSA-rrgp-c2w8-6vg6
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6925-fwf4-f7df
3
url VCID-7xf4-2kjf-87fe
vulnerability_id VCID-7xf4-2kjf-87fe
summary 
Improper Access Control
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27902.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27902
reference_id
reference_type
scores
0
value 0.00788
scoring_system epss
scoring_elements 0.73877
published_at 2026-04-21T12:55:00Z
1
value 0.00788
scoring_system epss
scoring_elements 0.73861
published_at 2026-04-11T12:55:00Z
2
value 0.00788
scoring_system epss
scoring_elements 0.73821
published_at 2026-04-04T12:55:00Z
3
value 0.00788
scoring_system epss
scoring_elements 0.73791
published_at 2026-04-07T12:55:00Z
4
value 0.00788
scoring_system epss
scoring_elements 0.73826
published_at 2026-04-08T12:55:00Z
5
value 0.00788
scoring_system epss
scoring_elements 0.73839
published_at 2026-04-09T12:55:00Z
6
value 0.00788
scoring_system epss
scoring_elements 0.73843
published_at 2026-04-12T12:55:00Z
7
value 0.00788
scoring_system epss
scoring_elements 0.73885
published_at 2026-04-18T12:55:00Z
8
value 0.00788
scoring_system epss
scoring_elements 0.73876
published_at 2026-04-16T12:55:00Z
9
value 0.00788
scoring_system epss
scoring_elements 0.73798
published_at 2026-04-02T12:55:00Z
10
value 0.00788
scoring_system epss
scoring_elements 0.73835
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27902
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27902.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27902.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/80452662b31ac6c9f4418cffae1af6af4daf479a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/80452662b31ac6c9f4418cffae1af6af4daf479a
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:46:37Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177630
reference_id 2177630
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177630
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27902
reference_id CVE-2023-27902
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27902
7
reference_url https://github.com/advisories/GHSA-cj6r-8pxj-5jv6
reference_id GHSA-cj6r-8pxj-5jv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj6r-8pxj-5jv6
8
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
aliases CVE-2023-27902, GHSA-cj6r-8pxj-5jv6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xf4-2kjf-87fe
4
url VCID-dvyn-m8js-xbc2
vulnerability_id VCID-dvyn-m8js-xbc2
summary 
Allocation of Resources Without Limits or Throttling
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27901.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27901.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27901
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70128
published_at 2026-04-21T12:55:00Z
1
value 0.00622
scoring_system epss
scoring_elements 0.70124
published_at 2026-04-11T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.7006
published_at 2026-04-04T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.70037
published_at 2026-04-07T12:55:00Z
4
value 0.00622
scoring_system epss
scoring_elements 0.70085
published_at 2026-04-08T12:55:00Z
5
value 0.00622
scoring_system epss
scoring_elements 0.70101
published_at 2026-04-09T12:55:00Z
6
value 0.00622
scoring_system epss
scoring_elements 0.7011
published_at 2026-04-12T12:55:00Z
7
value 0.00622
scoring_system epss
scoring_elements 0.70149
published_at 2026-04-18T12:55:00Z
8
value 0.00622
scoring_system epss
scoring_elements 0.7014
published_at 2026-04-16T12:55:00Z
9
value 0.00622
scoring_system epss
scoring_elements 0.70044
published_at 2026-04-02T12:55:00Z
10
value 0.00622
scoring_system epss
scoring_elements 0.70097
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27901
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27901.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:44:36Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177646
reference_id 2177646
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177646
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27901
reference_id CVE-2023-27901
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27901
7
reference_url https://github.com/advisories/GHSA-h76p-mc68-jv3p
reference_id GHSA-h76p-mc68-jv3p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h76p-mc68-jv3p
8
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
aliases CVE-2023-27901, GHSA-h76p-mc68-jv3p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-m8js-xbc2
5
url VCID-hqzr-vc5w-9ff5
vulnerability_id VCID-hqzr-vc5w-9ff5
summary 
Denial of Service due to parser crash
Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40152
reference_id
reference_type
scores
0
value 0.00803
scoring_system epss
scoring_elements 0.7414
published_at 2026-04-21T12:55:00Z
1
value 0.00803
scoring_system epss
scoring_elements 0.7415
published_at 2026-04-18T12:55:00Z
2
value 0.00803
scoring_system epss
scoring_elements 0.74141
published_at 2026-04-16T12:55:00Z
3
value 0.00803
scoring_system epss
scoring_elements 0.74102
published_at 2026-04-13T12:55:00Z
4
value 0.00803
scoring_system epss
scoring_elements 0.74109
published_at 2026-04-12T12:55:00Z
5
value 0.00803
scoring_system epss
scoring_elements 0.74126
published_at 2026-04-11T12:55:00Z
6
value 0.00803
scoring_system epss
scoring_elements 0.74105
published_at 2026-04-09T12:55:00Z
7
value 0.00803
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-08T12:55:00Z
8
value 0.00803
scoring_system epss
scoring_elements 0.74057
published_at 2026-04-07T12:55:00Z
9
value 0.00803
scoring_system epss
scoring_elements 0.7406
published_at 2026-04-02T12:55:00Z
10
value 0.00803
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40152
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
6
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
7
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
8
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
9
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/
url https://github.com/x-stream/xstream/issues/304
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40152
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40152
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
reference_id 1032089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134291
reference_id 2134291
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134291
13
reference_url https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
reference_id GHSA-3f7h-mf4q-vrm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
14
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
15
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
16
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
17
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
18
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
19
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
20
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
21
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
22
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
23
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
24
reference_url https://access.redhat.com/errata/RHSA-2025:4437
reference_id RHSA-2025:4437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4437
fixed_packages
aliases CVE-2022-40152, GHSA-3f7h-mf4q-vrm4
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqzr-vc5w-9ff5
6
url VCID-mfub-hwcq-pqbt
vulnerability_id VCID-mfub-hwcq-pqbt
summary 
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
### Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.

### Patches
XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.

### Workarounds
The only solution is to catch the StackOverflowError in the client code calling XStream.

### References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2022-40151](https://x-stream.github.io/CVE-2022-40151.html).

### Credits
The vulnerability was discovered and reported by Henry Lin of the Google OSS-Fuzz team.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)
* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40151.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40151.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40151
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49206
published_at 2026-04-21T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49237
published_at 2026-04-18T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49239
published_at 2026-04-16T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49192
published_at 2026-04-13T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49188
published_at 2026-04-12T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.49215
published_at 2026-04-11T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.49197
published_at 2026-04-09T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49166
published_at 2026-04-02T12:55:00Z
8
value 0.00258
scoring_system epss
scoring_elements 0.49146
published_at 2026-04-07T12:55:00Z
9
value 0.00258
scoring_system epss
scoring_elements 0.49194
published_at 2026-04-04T12:55:00Z
10
value 0.00258
scoring_system epss
scoring_elements 0.492
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40151
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:18Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
6
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:18Z/
url https://github.com/x-stream/xstream/issues/304
7
reference_url https://github.com/x-stream/xstream/issues/314
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/314
8
reference_url https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40151
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40151
10
reference_url https://x-stream.github.io/CVE-2022-40151.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://x-stream.github.io/CVE-2022-40151.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134292
reference_id 2134292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134292
12
reference_url https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
reference_id GHSA-f8cc-g7j8-xxpm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
13
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
14
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
15
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
aliases CVE-2022-40151, GHSA-f8cc-g7j8-xxpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfub-hwcq-pqbt
7
url VCID-suxb-vrqh-wffp
vulnerability_id VCID-suxb-vrqh-wffp
summary 
Authorization bypass in Spring Security
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22978.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22978.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22978
reference_id
reference_type
scores
0
value 0.90406
scoring_system epss
scoring_elements 0.99603
published_at 2026-04-02T12:55:00Z
1
value 0.90406
scoring_system epss
scoring_elements 0.99607
published_at 2026-04-16T12:55:00Z
2
value 0.90406
scoring_system epss
scoring_elements 0.99606
published_at 2026-04-13T12:55:00Z
3
value 0.90406
scoring_system epss
scoring_elements 0.99605
published_at 2026-04-07T12:55:00Z
4
value 0.90406
scoring_system epss
scoring_elements 0.99604
published_at 2026-04-04T12:55:00Z
5
value 0.9071
scoring_system epss
scoring_elements 0.99622
published_at 2026-04-18T12:55:00Z
6
value 0.9071
scoring_system epss
scoring_elements 0.99625
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22978
2
reference_url https://github.com/anchore/grype/issues/2158
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/anchore/grype/issues/2158
3
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
4
reference_url https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22978
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22978
6
reference_url https://security.netapp.com/advisory/ntap-20220707-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220707-0003
7
reference_url https://spring.io/security/cve-2022-22978
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://spring.io/security/cve-2022-22978
8
reference_url https://tanzu.vmware.com/security/cve-2022-22978
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2022-22978
9
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087606
reference_id 2087606
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087606
11
reference_url https://github.com/advisories/GHSA-hh32-7344-cg2f
reference_id GHSA-hh32-7344-cg2f
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh32-7344-cg2f
12
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
13
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
aliases CVE-2022-22978, GHSA-hh32-7344-cg2f
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-suxb-vrqh-wffp
8
url VCID-xznu-vdv9-eue6
vulnerability_id VCID-xznu-vdv9-eue6
summary 
Allocation of Resources Without Limits or Throttling
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27900.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27900.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27900
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70128
published_at 2026-04-21T12:55:00Z
1
value 0.00622
scoring_system epss
scoring_elements 0.70044
published_at 2026-04-02T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.7006
published_at 2026-04-04T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.70037
published_at 2026-04-07T12:55:00Z
4
value 0.00622
scoring_system epss
scoring_elements 0.70085
published_at 2026-04-08T12:55:00Z
5
value 0.00622
scoring_system epss
scoring_elements 0.70101
published_at 2026-04-09T12:55:00Z
6
value 0.00622
scoring_system epss
scoring_elements 0.70124
published_at 2026-04-11T12:55:00Z
7
value 0.00622
scoring_system epss
scoring_elements 0.7011
published_at 2026-04-12T12:55:00Z
8
value 0.00622
scoring_system epss
scoring_elements 0.70097
published_at 2026-04-13T12:55:00Z
9
value 0.00622
scoring_system epss
scoring_elements 0.7014
published_at 2026-04-16T12:55:00Z
10
value 0.00622
scoring_system epss
scoring_elements 0.70149
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27900
2
reference_url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27900.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27900.json
3
reference_url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/b70f4cb5892bd6059a45b5f156f019ce572adb08
4
reference_url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T18:41:35Z/
url https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177638
reference_id 2177638
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177638
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27900
reference_id CVE-2023-27900
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27900
7
reference_url https://github.com/advisories/GHSA-frgr-c5f2-8qhh
reference_id GHSA-frgr-c5f2-8qhh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frgr-c5f2-8qhh
8
reference_url https://access.redhat.com/errata/RHSA-2023:3299
reference_id RHSA-2023:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3299
fixed_packages
aliases CVE-2023-27900, GHSA-frgr-c5f2-8qhh
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xznu-vdv9-eue6
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.387.3.1684911776-3%3Farch=el8