Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rh-sso7-keycloak@18.0.7-1.redhat_00001.1?arch=el7sso
Type rpm
Namespace redhat
Name rh-sso7-keycloak
Version 18.0.7-1.redhat_00001.1
Qualifiers
arch el7sso
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-4e5q-x177-uyat
vulnerability_id VCID-4e5q-x177-uyat
summary
Square OkHttp can accept the wrong certificate
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-171980069
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-0341.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-0341.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-0341
reference_id
reference_type
scores
0
value 0.01037
scoring_system epss
scoring_elements 0.77429
published_at 2026-04-21T12:55:00Z
1
value 0.01037
scoring_system epss
scoring_elements 0.77437
published_at 2026-04-18T12:55:00Z
2
value 0.01037
scoring_system epss
scoring_elements 0.77438
published_at 2026-04-16T12:55:00Z
3
value 0.01037
scoring_system epss
scoring_elements 0.77398
published_at 2026-04-13T12:55:00Z
4
value 0.01037
scoring_system epss
scoring_elements 0.77402
published_at 2026-04-12T12:55:00Z
5
value 0.01037
scoring_system epss
scoring_elements 0.77343
published_at 2026-04-01T12:55:00Z
6
value 0.01037
scoring_system epss
scoring_elements 0.77396
published_at 2026-04-09T12:55:00Z
7
value 0.01037
scoring_system epss
scoring_elements 0.77386
published_at 2026-04-08T12:55:00Z
8
value 0.01037
scoring_system epss
scoring_elements 0.77357
published_at 2026-04-07T12:55:00Z
9
value 0.01037
scoring_system epss
scoring_elements 0.77376
published_at 2026-04-04T12:55:00Z
10
value 0.01037
scoring_system epss
scoring_elements 0.77349
published_at 2026-04-02T12:55:00Z
11
value 0.01037
scoring_system epss
scoring_elements 0.77422
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-0341
2
reference_url https://github.com/square/okhttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/square/okhttp
3
reference_url https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c
4
reference_url https://github.com/square/okhttp/issues/6724
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/square/okhttp/issues/6724
5
reference_url https://github.com/square/okhttp/pull/6741
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/square/okhttp/pull/6741
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-0341
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-0341
7
reference_url https://source.android.com/security/bulletin/2021-02-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://source.android.com/security/bulletin/2021-02-01
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2154086
reference_id 2154086
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2154086
9
reference_url https://github.com/advisories/GHSA-3cqm-mf7h-prrj
reference_id GHSA-3cqm-mf7h-prrj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cqm-mf7h-prrj
10
reference_url https://access.redhat.com/errata/RHSA-2023:0756
reference_id RHSA-2023:0756
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0756
11
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
12
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
13
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
14
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
15
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
16
reference_url https://access.redhat.com/errata/RHSA-2023:2723
reference_id RHSA-2023:2723
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2723
17
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
18
reference_url https://access.redhat.com/errata/RHSA-2024:6667
reference_id RHSA-2024:6667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6667
fixed_packages
aliases CVE-2021-0341, GHSA-3cqm-mf7h-prrj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e5q-x177-uyat
1
url VCID-4s4f-emvn-9bhh
vulnerability_id VCID-4s4f-emvn-9bhh
summary
Apache James MIME4J vulnerable to information disclosure to local users
Improper lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend that users upgrade to MIME4J version 0.8.9 or later.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45787.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45787.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45787
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00888
published_at 2026-04-21T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.00846
published_at 2026-04-02T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.00847
published_at 2026-04-04T12:55:00Z
3
value 9e-05
scoring_system epss
scoring_elements 0.00848
published_at 2026-04-07T12:55:00Z
4
value 9e-05
scoring_system epss
scoring_elements 0.00853
published_at 2026-04-08T12:55:00Z
5
value 9e-05
scoring_system epss
scoring_elements 0.0085
published_at 2026-04-09T12:55:00Z
6
value 9e-05
scoring_system epss
scoring_elements 0.00841
published_at 2026-04-18T12:55:00Z
7
value 9e-05
scoring_system epss
scoring_elements 0.00835
published_at 2026-04-12T12:55:00Z
8
value 9e-05
scoring_system epss
scoring_elements 0.00836
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45787
2
reference_url https://github.com/apache/james-mime4j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/james-mime4j
3
reference_url https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md#089---2022-12-30
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md#089---2022-12-30
4
reference_url https://github.com/apache/james-mime4j/commit/021eb79ba312fe5a7f99fa867ee5350aa5533069
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/james-mime4j/commit/021eb79ba312fe5a7f99fa867ee5350aa5533069
5
reference_url https://issues.apache.org/jira/browse/MIME4J-322
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/MIME4J-322
6
reference_url https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T19:31:06Z/
url https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45787
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45787
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158916
reference_id 2158916
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158916
9
reference_url https://github.com/advisories/GHSA-q84x-3476-8ff2
reference_id GHSA-q84x-3476-8ff2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q84x-3476-8ff2
10
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
11
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
12
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
13
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
14
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
15
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
fixed_packages
aliases CVE-2022-45787, GHSA-q84x-3476-8ff2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4s4f-emvn-9bhh
2
url VCID-etyq-9yys-tkdf
vulnerability_id VCID-etyq-9yys-tkdf
summary
Insecure Temporary File in RESTEasy
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0482.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0482.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0482
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15481
published_at 2026-04-21T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15429
published_at 2026-04-18T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15424
published_at 2026-04-16T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15498
published_at 2026-04-13T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15563
published_at 2026-04-12T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.156
published_at 2026-04-11T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15633
published_at 2026-04-09T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15578
published_at 2026-04-08T12:55:00Z
8
value 0.0005
scoring_system epss
scoring_elements 0.15492
published_at 2026-04-07T12:55:00Z
9
value 0.0005
scoring_system epss
scoring_elements 0.15625
published_at 2026-04-02T12:55:00Z
10
value 0.0005
scoring_system epss
scoring_elements 0.15693
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0482
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2166004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2166004
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0482
4
reference_url https://github.com/orgs/resteasy/discussions/3415
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/orgs/resteasy/discussions/3415
5
reference_url https://github.com/orgs/resteasy/discussions/3504
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/orgs/resteasy/discussions/3504
6
reference_url https://github.com/orgs/resteasy/discussions/3506
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/orgs/resteasy/discussions/3506
7
reference_url https://github.com/resteasy/resteasy
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy
8
reference_url https://github.com/resteasy/Resteasy
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/Resteasy
9
reference_url https://github.com/resteasy/resteasy/pull/3409
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/pull/3409
10
reference_url https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T16:02:39Z/
url https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
11
reference_url https://github.com/resteasy/resteasy/pull/3410
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/pull/3410
12
reference_url https://github.com/resteasy/resteasy/pull/3412
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/pull/3412
13
reference_url https://github.com/resteasy/resteasy/pull/3413
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/pull/3413
14
reference_url https://github.com/resteasy/resteasy/pull/3423
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/pull/3423
15
reference_url https://github.com/resteasy/resteasy/security/advisories/GHSA-2c6g-pfx3-w7h8
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/security/advisories/GHSA-2c6g-pfx3-w7h8
16
reference_url https://issues.redhat.com/browse/RESTEASY-3286
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/RESTEASY-3286
17
reference_url https://security.netapp.com/advisory/ntap-20230427-0001
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230427-0001
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031728
reference_id 1031728
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031728
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031729
reference_id 1031729
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031729
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0482
reference_id CVE-2023-0482
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0482
21
reference_url https://github.com/advisories/GHSA-2c6g-pfx3-w7h8
reference_id GHSA-2c6g-pfx3-w7h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2c6g-pfx3-w7h8
22
reference_url https://github.com/advisories/GHSA-jrmh-v64j-mjm9
reference_id GHSA-jrmh-v64j-mjm9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jrmh-v64j-mjm9
23
reference_url https://security.netapp.com/advisory/ntap-20230427-0001/
reference_id ntap-20230427-0001
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T16:02:39Z/
url https://security.netapp.com/advisory/ntap-20230427-0001/
24
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
25
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
26
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
27
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
28
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
29
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
30
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
31
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
32
reference_url https://access.redhat.com/errata/RHSA-2023:6305
reference_id RHSA-2023:6305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6305
33
reference_url https://usn.ubuntu.com/7351-1/
reference_id USN-7351-1
reference_type
scores
url https://usn.ubuntu.com/7351-1/
34
reference_url https://usn.ubuntu.com/7630-1/
reference_id USN-7630-1
reference_type
scores
url https://usn.ubuntu.com/7630-1/
fixed_packages
aliases CVE-2023-0482, GHSA-2c6g-pfx3-w7h8, GHSA-jrmh-v64j-mjm9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etyq-9yys-tkdf
3
url VCID-fb8u-g65k-hffs
vulnerability_id VCID-fb8u-g65k-hffs
summary
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38752.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38752.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38752
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37702
published_at 2026-04-13T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37728
published_at 2026-04-12T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37763
published_at 2026-04-11T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.3775
published_at 2026-04-16T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37737
published_at 2026-04-08T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37687
published_at 2026-04-07T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.37808
published_at 2026-04-04T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37782
published_at 2026-04-02T12:55:00Z
8
value 0.00205
scoring_system epss
scoring_elements 0.42655
published_at 2026-04-21T12:55:00Z
9
value 0.00205
scoring_system epss
scoring_elements 0.42718
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38752
2
reference_url https://bitbucket.org/snakeyaml/snakeyaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml
3
reference_url https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T14:02:33Z/
url https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
4
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T14:02:33Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38752
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38752
8
reference_url https://security.gentoo.org/glsa/202305-28
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T14:02:33Z/
url https://security.gentoo.org/glsa/202305-28
9
reference_url https://security.netapp.com/advisory/ntap-20240315-0009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240315-0009
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021014
reference_id 1021014
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021014
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2129710
reference_id 2129710
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2129710
12
reference_url https://github.com/advisories/GHSA-9w3m-gqgf-c4p9
reference_id GHSA-9w3m-gqgf-c4p9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9w3m-gqgf-c4p9
13
reference_url https://security.netapp.com/advisory/ntap-20240315-0009/
reference_id ntap-20240315-0009
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T14:02:33Z/
url https://security.netapp.com/advisory/ntap-20240315-0009/
14
reference_url https://access.redhat.com/errata/RHSA-2022:6757
reference_id RHSA-2022:6757
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6757
15
reference_url https://access.redhat.com/errata/RHSA-2022:8524
reference_id RHSA-2022:8524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8524
16
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
17
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
18
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
19
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
20
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
21
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
22
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
23
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
24
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
fixed_packages
aliases CVE-2022-38752, GHSA-9w3m-gqgf-c4p9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fb8u-g65k-hffs
4
url VCID-jz3d-vvfb-jfbw
vulnerability_id VCID-jz3d-vvfb-jfbw
summary
Undertow client not checking server identity presented by server certificate in https connections
The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4492
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36274
published_at 2026-04-11T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36188
published_at 2026-04-21T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.3624
published_at 2026-04-18T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36256
published_at 2026-04-16T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36213
published_at 2026-04-13T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.36333
published_at 2026-04-02T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.36237
published_at 2026-04-12T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36366
published_at 2026-04-04T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36201
published_at 2026-04-07T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36251
published_at 2026-04-08T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36269
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4492
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153260
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2153260
3
reference_url https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
4
reference_url https://github.com/undertow-io/undertow/pull/1447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1447
5
reference_url https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
6
reference_url https://github.com/undertow-io/undertow/pull/1457
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457
7
reference_url https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
8
reference_url https://issues.redhat.com/browse/MTA-93
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/MTA-93
9
reference_url https://issues.redhat.com/browse/UNDERTOW-2212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2212
10
reference_url https://security.netapp.com/advisory/ntap-20230324-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230324-0002
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
reference_id 1032087
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
12
reference_url https://access.redhat.com/security/cve/CVE-2022-4492
reference_id CVE-2022-4492
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://access.redhat.com/security/cve/CVE-2022-4492
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4492
reference_id CVE-2022-4492
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4492
14
reference_url https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
reference_id GHSA-pfcc-3g6r-8rg8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
15
reference_url https://security.netapp.com/advisory/ntap-20230324-0002/
reference_id ntap-20230324-0002
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://security.netapp.com/advisory/ntap-20230324-0002/
16
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
17
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
18
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
19
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
20
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
21
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
22
reference_url https://access.redhat.com/errata/RHSA-2023:3813
reference_id RHSA-2023:3813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3813
23
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
24
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
aliases CVE-2022-4492, GHSA-pfcc-3g6r-8rg8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jz3d-vvfb-jfbw
5
url VCID-qruf-r6dc-3ugj
vulnerability_id VCID-qruf-r6dc-3ugj
summary
HAProxyMessageDecoder Stack Exhaustion DoS
### Impact
A StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.

### Patches
Users should upgrade to 4.1.86.Final.

### Workarounds
There is no workaround, except using a custom HAProxyMessageDecoder.

### References
When parsing a TLV with type = PP2_TYPE_SSL, the value can itself be a TLV with type = PP2_TYPE_SSL, and so on.
The only limit on the recursion is that the TLV length cannot exceed 0xffff, because it is encoded as an unsigned short.
A TLV with a sufficiently deep nesting level raises a StackOverflowError.
The StackOverflowError is caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline results in a thrown exception / crash.


### For more information
If you have any questions or comments about this advisory:
* Open an issue in [netty](https://github.com/netty/netty)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41881.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41881.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41881
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33795
published_at 2026-04-21T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33827
published_at 2026-04-18T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.3384
published_at 2026-04-16T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33802
published_at 2026-04-13T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33826
published_at 2026-04-12T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.33868
published_at 2026-04-11T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.3387
published_at 2026-04-09T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.33838
published_at 2026-04-08T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.33796
published_at 2026-04-07T12:55:00Z
9
value 0.00138
scoring_system epss
scoring_elements 0.33942
published_at 2026-04-04T12:55:00Z
10
value 0.00138
scoring_system epss
scoring_elements 0.33911
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41881
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41881
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41881
12
reference_url https://security.netapp.com/advisory/ntap-20230113-0004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230113-0004
13
reference_url https://security.netapp.com/advisory/ntap-20230113-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230113-0004/
14
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
reference_id 1027180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153379
reference_id 2153379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153379
17
reference_url https://github.com/advisories/GHSA-fx2c-96vj-985v
reference_id GHSA-fx2c-96vj-985v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx2c-96vj-985v
18
reference_url https://access.redhat.com/errata/RHSA-2023:0577
reference_id RHSA-2023:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0577
19
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
20
reference_url https://access.redhat.com/errata/RHSA-2023:0758
reference_id RHSA-2023:0758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0758
21
reference_url https://access.redhat.com/errata/RHSA-2023:0888
reference_id RHSA-2023:0888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0888
22
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
23
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
24
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
25
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
26
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
27
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
28
reference_url https://access.redhat.com/errata/RHSA-2023:3373
reference_id RHSA-2023:3373
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3373
29
reference_url https://access.redhat.com/errata/RHSA-2023:3374
reference_id RHSA-2023:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3374
30
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
31
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
32
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
33
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
aliases CVE-2022-41881, GHSA-fx2c-96vj-985v
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qruf-r6dc-3ugj
6
url VCID-sqsn-ygsg-yfdu
vulnerability_id VCID-sqsn-ygsg-yfdu
summary
Snakeyaml vulnerable to Stack overflow leading to denial of service
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41854.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41854.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41854
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23168
published_at 2026-04-04T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23025
published_at 2026-04-16T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23012
published_at 2026-04-13T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23068
published_at 2026-04-12T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.23105
published_at 2026-04-11T12:55:00Z
5
value 0.00077
scoring_system epss
scoring_elements 0.23085
published_at 2026-04-09T12:55:00Z
6
value 0.00077
scoring_system epss
scoring_elements 0.23032
published_at 2026-04-08T12:55:00Z
7
value 0.00077
scoring_system epss
scoring_elements 0.22959
published_at 2026-04-07T12:55:00Z
8
value 0.00077
scoring_system epss
scoring_elements 0.23124
published_at 2026-04-02T12:55:00Z
9
value 0.00103
scoring_system epss
scoring_elements 0.28162
published_at 2026-04-18T12:55:00Z
10
value 0.00116
scoring_system epss
scoring_elements 0.30262
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41854
2
reference_url https://bitbucket.org/snakeyaml/snakeyaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml
3
reference_url https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
4
reference_url https://bitbucket.org/snakeyaml/snakeyaml/issues/531
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/issues/531
5
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41854
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41854
15
reference_url https://security.netapp.com/advisory/ntap-20240315-0009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240315-0009
16
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2151988
reference_id 2151988
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2151988
18
reference_url https://github.com/advisories/GHSA-w37g-rhq8-7m4j
reference_id GHSA-w37g-rhq8-7m4j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w37g-rhq8-7m4j
19
reference_url https://access.redhat.com/errata/RHSA-2023:0577
reference_id RHSA-2023:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0577
20
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
21
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
22
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
23
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
24
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
25
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
26
reference_url https://access.redhat.com/errata/RHSA-2023:3373
reference_id RHSA-2023:3373
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3373
27
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
28
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
29
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
30
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
fixed_packages
aliases CVE-2022-41854, GHSA-w37g-rhq8-7m4j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqsn-ygsg-yfdu
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.7-1.redhat_00001.1%3Farch=el7sso