Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/nodejs@1:16.19.1-1?arch=el9_2
Type rpm
Namespace redhat
Name nodejs
Version 1:16.19.1-1
Qualifiers
arch el9_2
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-5vh6-usw6-2qhy
vulnerability_id VCID-5vh6-usw6-2qhy
summary
Improper Input Validation
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4904
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37124
published_at 2026-04-02T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36736
published_at 2026-04-24T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.36987
published_at 2026-04-07T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.37037
published_at 2026-04-08T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.3705
published_at 2026-04-09T12:55:00Z
5
value 0.00161
scoring_system epss
scoring_elements 0.37059
published_at 2026-04-11T12:55:00Z
6
value 0.00161
scoring_system epss
scoring_elements 0.37025
published_at 2026-04-12T12:55:00Z
7
value 0.00161
scoring_system epss
scoring_elements 0.36999
published_at 2026-04-13T12:55:00Z
8
value 0.00161
scoring_system epss
scoring_elements 0.37044
published_at 2026-04-16T12:55:00Z
9
value 0.00161
scoring_system epss
scoring_elements 0.37026
published_at 2026-04-18T12:55:00Z
10
value 0.00161
scoring_system epss
scoring_elements 0.36967
published_at 2026-04-21T12:55:00Z
11
value 0.00161
scoring_system epss
scoring_elements 0.37156
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4904
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2168631
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2168631
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/c-ares/c-ares/issues/496
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://github.com/c-ares/c-ares/issues/496
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525
reference_id 1031525
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
reference_id 33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4904
reference_id CVE-2022-4904
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-4904
10
reference_url https://security.gentoo.org/glsa/202401-02
reference_id GLSA-202401-02
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://security.gentoo.org/glsa/202401-02
11
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
14
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
15
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
16
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
17
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
18
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
19
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
20
reference_url https://access.redhat.com/errata/RHSA-2023:6291
reference_id RHSA-2023:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6291
21
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
22
reference_url https://access.redhat.com/errata/RHSA-2023:7116
reference_id RHSA-2023:7116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7116
23
reference_url https://access.redhat.com/errata/RHSA-2023:7368
reference_id RHSA-2023:7368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7368
24
reference_url https://access.redhat.com/errata/RHSA-2023:7543
reference_id RHSA-2023:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7543
25
reference_url https://usn.ubuntu.com/5907-1/
reference_id USN-5907-1
reference_type
scores
url https://usn.ubuntu.com/5907-1/
fixed_packages
aliases CVE-2022-4904
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vh6-usw6-2qhy
1
url VCID-7nnu-jtjx-u3ff
vulnerability_id VCID-7nnu-jtjx-u3ff
summary Node.js: Permissions policies can be bypassed via process.mainModule
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23918
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05429
published_at 2026-04-16T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05634
published_at 2026-04-24T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.055
published_at 2026-04-11T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05486
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05479
published_at 2026-04-13T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05437
published_at 2026-04-18T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05599
published_at 2026-04-21T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05463
published_at 2026-04-04T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05469
published_at 2026-04-07T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05505
published_at 2026-04-08T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05526
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23918
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2171935
reference_id 2171935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2171935
5
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
6
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
7
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
8
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
9
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
10
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
11
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
12
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
13
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
14
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
fixed_packages
aliases CVE-2023-23918
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nnu-jtjx-u3ff
2
url VCID-dtvs-pgam-qkbp
vulnerability_id VCID-dtvs-pgam-qkbp
summary
CRLF Injection in Nodejs ‘undici’ via host
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
reference_id
reference_type
scores
0
value 0.00395
scoring_system epss
scoring_elements 0.60381
published_at 2026-04-24T12:55:00Z
1
value 0.00395
scoring_system epss
scoring_elements 0.60397
published_at 2026-04-21T12:55:00Z
2
value 0.00536
scoring_system epss
scoring_elements 0.67475
published_at 2026-04-13T12:55:00Z
3
value 0.00536
scoring_system epss
scoring_elements 0.67509
published_at 2026-04-12T12:55:00Z
4
value 0.00536
scoring_system epss
scoring_elements 0.67522
published_at 2026-04-11T12:55:00Z
5
value 0.00536
scoring_system epss
scoring_elements 0.67499
published_at 2026-04-09T12:55:00Z
6
value 0.00536
scoring_system epss
scoring_elements 0.67485
published_at 2026-04-08T12:55:00Z
7
value 0.00536
scoring_system epss
scoring_elements 0.67523
published_at 2026-04-18T12:55:00Z
8
value 0.00536
scoring_system epss
scoring_elements 0.67511
published_at 2026-04-16T12:55:00Z
9
value 0.00602
scoring_system epss
scoring_elements 0.69433
published_at 2026-04-07T12:55:00Z
10
value 0.00727
scoring_system epss
scoring_elements 0.72567
published_at 2026-04-02T12:55:00Z
11
value 0.00727
scoring_system epss
scoring_elements 0.72583
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
6
reference_url https://hackerone.com/reports/1820955
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://hackerone.com/reports/1820955
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
reference_id 2172190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
reference_id CVE-2023-23936
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
10
reference_url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
11
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
14
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
15
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
16
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
aliases CVE-2023-23936, GHSA-5r9g-qh6m-jxff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtvs-pgam-qkbp
3
url VCID-hnjv-fp2r-vqfq
vulnerability_id VCID-hnjv-fp2r-vqfq
summary Node.js: insecure loading of ICU data through ICU_DATA environment variable
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23920
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26656
published_at 2026-04-02T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26385
published_at 2026-04-24T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26485
published_at 2026-04-07T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26553
published_at 2026-04-08T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.26602
published_at 2026-04-09T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.26608
published_at 2026-04-11T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26562
published_at 2026-04-12T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.26505
published_at 2026-04-13T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.26511
published_at 2026-04-16T12:55:00Z
9
value 0.00096
scoring_system epss
scoring_elements 0.26483
published_at 2026-04-18T12:55:00Z
10
value 0.00096
scoring_system epss
scoring_elements 0.26446
published_at 2026-04-21T12:55:00Z
11
value 0.00096
scoring_system epss
scoring_elements 0.26699
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23920
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172217
reference_id 2172217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172217
6
reference_url https://www.debian.org/security/2023/dsa-5395
reference_id dsa-5395
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://www.debian.org/security/2023/dsa-5395
7
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
8
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
9
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
10
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
11
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
12
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
13
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
14
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
15
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
16
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
17
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
18
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
19
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
fixed_packages
aliases CVE-2023-23920
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnjv-fp2r-vqfq
4
url VCID-m78y-81wr-y3cz
vulnerability_id VCID-m78y-81wr-y3cz
summary
http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25881.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25881.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25881
reference_id
reference_type
scores
0
value 0.00196
scoring_system epss
scoring_elements 0.41388
published_at 2026-04-24T12:55:00Z
1
value 0.00196
scoring_system epss
scoring_elements 0.41591
published_at 2026-04-04T12:55:00Z
2
value 0.00196
scoring_system epss
scoring_elements 0.41517
published_at 2026-04-07T12:55:00Z
3
value 0.00196
scoring_system epss
scoring_elements 0.41562
published_at 2026-04-02T12:55:00Z
4
value 0.00196
scoring_system epss
scoring_elements 0.41596
published_at 2026-04-16T12:55:00Z
5
value 0.00196
scoring_system epss
scoring_elements 0.41551
published_at 2026-04-13T12:55:00Z
6
value 0.00196
scoring_system epss
scoring_elements 0.41565
published_at 2026-04-12T12:55:00Z
7
value 0.00196
scoring_system epss
scoring_elements 0.41598
published_at 2026-04-11T12:55:00Z
8
value 0.00196
scoring_system epss
scoring_elements 0.41567
published_at 2026-04-08T12:55:00Z
9
value 0.00196
scoring_system epss
scoring_elements 0.41576
published_at 2026-04-09T12:55:00Z
10
value 0.00196
scoring_system epss
scoring_elements 0.41495
published_at 2026-04-21T12:55:00Z
11
value 0.00196
scoring_system epss
scoring_elements 0.41571
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25881
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/kornelski/http-cache-semantics
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kornelski/http-cache-semantics
4
reference_url https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T17:16:22Z/
url https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
5
reference_url https://github.com/kornelski/http-cache-semantics/commit/560b2d8ef452bbba20ffed69dc155d63ac757b74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kornelski/http-cache-semantics/commit/560b2d8ef452bbba20ffed69dc155d63ac757b74
6
reference_url https://security.netapp.com/advisory/ntap-20230622-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230622-0008
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T17:16:22Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
8
reference_url https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T17:16:22Z/
url https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2165824
reference_id 2165824
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2165824
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25881
reference_id CVE-2022-25881
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25881
11
reference_url https://github.com/advisories/GHSA-rc47-6667-2j5j
reference_id GHSA-rc47-6667-2j5j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rc47-6667-2j5j
12
reference_url https://security.netapp.com/advisory/ntap-20230622-0008/
reference_id ntap-20230622-0008
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T17:16:22Z/
url https://security.netapp.com/advisory/ntap-20230622-0008/
13
reference_url https://access.redhat.com/errata/RHSA-2023:1428
reference_id RHSA-2023:1428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1428
14
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
15
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
16
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
17
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
18
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
19
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
20
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
21
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
22
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
23
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
aliases CVE-2022-25881, GHSA-rc47-6667-2j5j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m78y-81wr-y3cz
5
url VCID-vh17-44d1-kyf7
vulnerability_id VCID-vh17-44d1-kyf7
summary
Regular Expression Denial of Service in Headers
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53724
published_at 2026-04-24T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53674
published_at 2026-04-02T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53701
published_at 2026-04-04T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53669
published_at 2026-04-07T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.53722
published_at 2026-04-08T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.5372
published_at 2026-04-09T12:55:00Z
6
value 0.00305
scoring_system epss
scoring_elements 0.53768
published_at 2026-04-11T12:55:00Z
7
value 0.00305
scoring_system epss
scoring_elements 0.53751
published_at 2026-04-12T12:55:00Z
8
value 0.00305
scoring_system epss
scoring_elements 0.53735
published_at 2026-04-13T12:55:00Z
9
value 0.00305
scoring_system epss
scoring_elements 0.53772
published_at 2026-04-16T12:55:00Z
10
value 0.00305
scoring_system epss
scoring_elements 0.53777
published_at 2026-04-18T12:55:00Z
11
value 0.00305
scoring_system epss
scoring_elements 0.53759
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
6
reference_url https://hackerone.com/bugs?report_id=1784449
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://hackerone.com/bugs?report_id=1784449
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
reference_id 2172204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
reference_id CVE-2023-24807
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
10
reference_url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
11
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
14
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
15
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
16
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
aliases CVE-2023-24807, GHSA-r6ch-mqf9-qc9w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vh17-44d1-kyf7
6
url VCID-y9aa-2a31-ufa7
vulnerability_id VCID-y9aa-2a31-ufa7
summary
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.

This vulnerability is separate from [GHSA-ww39-953v-wcq6](https://github.com/advisories/GHSA-ww39-953v-wcq6).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35065.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35065.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35065
reference_id
reference_type
scores
0
value 0.00431
scoring_system epss
scoring_elements 0.62509
published_at 2026-04-01T12:55:00Z
1
value 0.00431
scoring_system epss
scoring_elements 0.62567
published_at 2026-04-02T12:55:00Z
2
value 0.00431
scoring_system epss
scoring_elements 0.62599
published_at 2026-04-04T12:55:00Z
3
value 0.00624
scoring_system epss
scoring_elements 0.70152
published_at 2026-04-09T12:55:00Z
4
value 0.00624
scoring_system epss
scoring_elements 0.70136
published_at 2026-04-08T12:55:00Z
5
value 0.00624
scoring_system epss
scoring_elements 0.70089
published_at 2026-04-07T12:55:00Z
6
value 0.00624
scoring_system epss
scoring_elements 0.70175
published_at 2026-04-11T12:55:00Z
7
value 0.00624
scoring_system epss
scoring_elements 0.70191
published_at 2026-04-16T12:55:00Z
8
value 0.00624
scoring_system epss
scoring_elements 0.70148
published_at 2026-04-13T12:55:00Z
9
value 0.00624
scoring_system epss
scoring_elements 0.70161
published_at 2026-04-12T12:55:00Z
10
value 0.00641
scoring_system epss
scoring_elements 0.70623
published_at 2026-04-18T12:55:00Z
11
value 0.00641
scoring_system epss
scoring_elements 0.70601
published_at 2026-04-21T12:55:00Z
12
value 0.00641
scoring_system epss
scoring_elements 0.70652
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35065
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35065
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35065
3
reference_url https://github.com/gulpjs/glob-parent
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent
4
reference_url https://github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f47
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f47
5
reference_url https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:52:03Z/
url https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
6
reference_url https://github.com/gulpjs/glob-parent/pull/36
reference_id
reference_type
scores
url https://github.com/gulpjs/glob-parent/pull/36
7
reference_url https://github.com/gulpjs/glob-parent/pull/49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:52:03Z/
url https://github.com/gulpjs/glob-parent/pull/49
8
reference_url https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
reference_id
reference_type
scores
url https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
9
reference_url https://github.com/gulpjs/glob-parent/releases/tag/v6.0.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/releases/tag/v6.0.1
10
reference_url https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1103
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1103
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-35065
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-35065
12
reference_url https://security.netapp.com/advisory/ntap-20230214-0010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230214-0010
13
reference_url https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:52:03Z/
url https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294
14
reference_url https://www.mend.io/vulnerability-database/CVE-2021-35065
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mend.io/vulnerability-database/CVE-2021-35065
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2156324
reference_id 2156324
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2156324
16
reference_url https://github.com/advisories/GHSA-cj88-88mr-972w
reference_id GHSA-cj88-88mr-972w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj88-88mr-972w
17
reference_url https://access.redhat.com/errata/RHSA-2023:0612
reference_id RHSA-2023:0612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0612
18
reference_url https://access.redhat.com/errata/RHSA-2023:0634
reference_id RHSA-2023:0634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0634
19
reference_url https://access.redhat.com/errata/RHSA-2023:0934
reference_id RHSA-2023:0934
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0934
20
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
21
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
22
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
23
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
24
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
25
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
26
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
fixed_packages
aliases CVE-2021-35065, GHSA-cj88-88mr-972w, GMS-2022-3113
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9aa-2a31-ufa7
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs@1:16.19.1-1%3Farch=el9_2