Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1?arch=el7sso
Typerpm
Namespaceredhat
Namerh-sso7-keycloak
Version15.0.8-1.redhat_00001.1
Qualifiers
arch el7sso
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-7z49-f322-n7g8
vulnerability_id VCID-7z49-f322-n7g8
summary 
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
An issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-2668
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.64744
published_at 2026-04-18T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.6467
published_at 2026-04-02T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.64698
published_at 2026-04-04T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.64656
published_at 2026-04-07T12:55:00Z
4
value 0.00473
scoring_system epss
scoring_elements 0.64704
published_at 2026-04-08T12:55:00Z
5
value 0.00473
scoring_system epss
scoring_elements 0.64719
published_at 2026-04-09T12:55:00Z
6
value 0.00473
scoring_system epss
scoring_elements 0.64736
published_at 2026-04-11T12:55:00Z
7
value 0.00473
scoring_system epss
scoring_elements 0.64724
published_at 2026-04-12T12:55:00Z
8
value 0.00473
scoring_system epss
scoring_elements 0.64696
published_at 2026-04-13T12:55:00Z
9
value 0.00473
scoring_system epss
scoring_elements 0.64733
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
6
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
8
reference_url https://github.com/advisories/GHSA-wf7g-7h6h-678v
reference_id GHSA-wf7g-7h6h-678v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf7g-7h6h-678v
9
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
10
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
11
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
12
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
13
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
14
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
15
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
aliases CVE-2022-2668, GHSA-wf7g-7h6h-678v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7z49-f322-n7g8
1
url VCID-cabc-jrpz-vuad
vulnerability_id VCID-cabc-jrpz-vuad
summary 
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (18.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the default roles functionality. 

### CVSS 3.1 - **3.8**

**Vector String:** AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

**Vector Clarification:**

* User interaction is not required as the admin console is regularly used during an administrator's work
* The scope is unchanged since the admin console web application is both the vulnerable component and where the exploit executes

### Credits

Aytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
reference_id
reference_type
scores
0
value 0.00882
scoring_system epss
scoring_elements 0.75428
published_at 2026-04-18T12:55:00Z
1
value 0.00882
scoring_system epss
scoring_elements 0.75421
published_at 2026-04-16T12:55:00Z
2
value 0.00882
scoring_system epss
scoring_elements 0.7538
published_at 2026-04-13T12:55:00Z
3
value 0.00882
scoring_system epss
scoring_elements 0.75391
published_at 2026-04-12T12:55:00Z
4
value 0.00882
scoring_system epss
scoring_elements 0.7534
published_at 2026-04-07T12:55:00Z
5
value 0.00882
scoring_system epss
scoring_elements 0.75393
published_at 2026-04-09T12:55:00Z
6
value 0.00882
scoring_system epss
scoring_elements 0.75383
published_at 2026-04-08T12:55:00Z
7
value 0.00882
scoring_system epss
scoring_elements 0.75328
published_at 2026-04-02T12:55:00Z
8
value 0.00882
scoring_system epss
scoring_elements 0.7536
published_at 2026-04-04T12:55:00Z
9
value 0.00882
scoring_system epss
scoring_elements 0.75413
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
7
reference_url https://github.com/advisories/GHSA-w9mf-83w3-fv49
reference_id GHSA-w9mf-83w3-fv49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9mf-83w3-fv49
8
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
9
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
10
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
fixed_packages
aliases CVE-2022-2256, GHSA-w9mf-83w3-fv49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cabc-jrpz-vuad
2
url VCID-e3vc-jpft-gye7
vulnerability_id VCID-e3vc-jpft-gye7
summary 
XNIO `notifyReadClosed` method logging message to unexpected end
A flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-0084
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-0084
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0084
reference_id
reference_type
scores
0
value 0.00465
scoring_system epss
scoring_elements 0.64386
published_at 2026-04-18T12:55:00Z
1
value 0.00465
scoring_system epss
scoring_elements 0.64261
published_at 2026-04-01T12:55:00Z
2
value 0.00465
scoring_system epss
scoring_elements 0.64318
published_at 2026-04-02T12:55:00Z
3
value 0.00465
scoring_system epss
scoring_elements 0.64346
published_at 2026-04-04T12:55:00Z
4
value 0.00465
scoring_system epss
scoring_elements 0.64304
published_at 2026-04-07T12:55:00Z
5
value 0.00465
scoring_system epss
scoring_elements 0.64352
published_at 2026-04-08T12:55:00Z
6
value 0.00465
scoring_system epss
scoring_elements 0.64367
published_at 2026-04-12T12:55:00Z
7
value 0.00465
scoring_system epss
scoring_elements 0.64379
published_at 2026-04-11T12:55:00Z
8
value 0.00465
scoring_system epss
scoring_elements 0.64338
published_at 2026-04-13T12:55:00Z
9
value 0.00465
scoring_system epss
scoring_elements 0.64374
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0084
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2064226
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2064226
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0084
5
reference_url https://github.com/xnio/xnio
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xnio/xnio
6
reference_url https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12
7
reference_url https://github.com/xnio/xnio/pull/291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xnio/xnio/pull/291
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0084
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0084
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013280
reference_id 1013280
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013280
10
reference_url https://github.com/advisories/GHSA-76fg-mhrg-fmmg
reference_id GHSA-76fg-mhrg-fmmg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76fg-mhrg-fmmg
11
reference_url https://access.redhat.com/errata/RHSA-2022:2232
reference_id RHSA-2022:2232
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2232
12
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
13
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
14
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
15
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
16
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
17
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
18
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
19
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
20
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
21
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
22
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
23
reference_url https://access.redhat.com/errata/RHSA-2025:4437
reference_id RHSA-2025:4437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4437
fixed_packages
aliases CVE-2022-0084, GHSA-76fg-mhrg-fmmg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3vc-jpft-gye7
3
url VCID-jstt-6zs3-ybew
vulnerability_id VCID-jstt-6zs3-ybew
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in com.h2database:h2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42392
reference_id
reference_type
scores
0
value 0.90773
scoring_system epss
scoring_elements 0.99622
published_at 2026-04-02T12:55:00Z
1
value 0.91037
scoring_system epss
scoring_elements 0.99636
published_at 2026-04-04T12:55:00Z
2
value 0.91037
scoring_system epss
scoring_elements 0.9964
published_at 2026-04-18T12:55:00Z
3
value 0.91037
scoring_system epss
scoring_elements 0.99639
published_at 2026-04-16T12:55:00Z
4
value 0.91037
scoring_system epss
scoring_elements 0.99638
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42392
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
4
reference_url https://github.com/h2database/h2database
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2database/h2database
5
reference_url https://github.com/h2database/h2database/releases/tag/version-2.0.206
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2database/h2database/releases/tag/version-2.0.206
6
reference_url https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
7
reference_url https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
reference_id
reference_type
scores
url https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
8
reference_url https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42392
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42392
10
reference_url https://security.netapp.com/advisory/ntap-20220119-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220119-0001
11
reference_url https://security.netapp.com/advisory/ntap-20220119-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220119-0001/
12
reference_url https://www.debian.org/security/2022/dsa-5076
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5076
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console
15
reference_url https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/
reference_id
reference_type
scores
url https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003894
reference_id 1003894
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003894
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2039403
reference_id 2039403
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2039403
18
reference_url https://github.com/advisories/GHSA-h376-j262-vhq6
reference_id GHSA-h376-j262-vhq6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h376-j262-vhq6
19
reference_url https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
reference_id GHSA-h376-j262-vhq6
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
20
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
21
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
22
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
23
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
24
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
25
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
26
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
27
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
28
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
29
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
30
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
31
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
32
reference_url https://usn.ubuntu.com/5365-1/
reference_id USN-5365-1
reference_type
scores
url https://usn.ubuntu.com/5365-1/
33
reference_url https://usn.ubuntu.com/6834-1/
reference_id USN-6834-1
reference_type
scores
url https://usn.ubuntu.com/6834-1/
fixed_packages
aliases CVE-2021-42392, GHSA-h376-j262-vhq6, GMS-2022-7
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jstt-6zs3-ybew
4
url VCID-n23y-qjaf-tfcm
vulnerability_id VCID-n23y-qjaf-tfcm
summary 
Keycloak XSS via use of malicious payload as group name when creating new group from admin console
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0225
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.6548
published_at 2026-04-18T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65401
published_at 2026-04-02T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65428
published_at 2026-04-04T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65391
published_at 2026-04-07T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65444
published_at 2026-04-08T12:55:00Z
5
value 0.00487
scoring_system epss
scoring_elements 0.65455
published_at 2026-04-09T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65474
published_at 2026-04-11T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.6546
published_at 2026-04-12T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.65432
published_at 2026-04-13T12:55:00Z
9
value 0.00487
scoring_system epss
scoring_elements 0.65469
published_at 2026-04-16T12:55:00Z
10
value 0.00487
scoring_system epss
scoring_elements 0.65353
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0225
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2040268
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2040268
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0225
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0225
6
reference_url https://github.com/advisories/GHSA-fqc7-5xxc-ph7r
reference_id GHSA-fqc7-5xxc-ph7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqc7-5xxc-ph7r
7
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
8
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
9
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
10
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
11
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
12
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
13
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
aliases CVE-2022-0225, GHSA-fqc7-5xxc-ph7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n23y-qjaf-tfcm
5
url VCID-swu5-a9h5-ffex
vulnerability_id VCID-swu5-a9h5-ffex
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
This CVE has been marked as a False Positive and has been removed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43797
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.59596
published_at 2026-04-18T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.59589
published_at 2026-04-16T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59556
published_at 2026-04-13T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.59575
published_at 2026-04-12T12:55:00Z
4
value 0.00381
scoring_system epss
scoring_elements 0.59592
published_at 2026-04-11T12:55:00Z
5
value 0.00381
scoring_system epss
scoring_elements 0.59573
published_at 2026-04-09T12:55:00Z
6
value 0.00381
scoring_system epss
scoring_elements 0.59509
published_at 2026-04-07T12:55:00Z
7
value 0.00381
scoring_system epss
scoring_elements 0.59541
published_at 2026-04-04T12:55:00Z
8
value 0.00381
scoring_system epss
scoring_elements 0.59515
published_at 2026-04-02T12:55:00Z
9
value 0.00381
scoring_system epss
scoring_elements 0.59561
published_at 2026-04-08T12:55:00Z
10
value 0.00381
scoring_system epss
scoring_elements 0.59443
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
10
reference_url https://github.com/netty/netty/pull/11891
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/pull/11891
11
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
12
reference_url https://security.netapp.com/advisory/ntap-20220107-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220107-0003
13
reference_url https://security.netapp.com/advisory/ntap-20220107-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220107-0003/
14
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
15
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
16
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437
reference_id 1001437
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2031958
reference_id 2031958
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2031958
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43797
reference_id CVE-2021-43797
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43797
20
reference_url https://github.com/advisories/GHSA-wx5j-54mm-rqqq
reference_id GHSA-wx5j-54mm-rqqq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx5j-54mm-rqqq
21
reference_url https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
reference_id GHSA-wx5j-54mm-rqqq
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
22
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
23
reference_url https://access.redhat.com/errata/RHSA-2022:1345
reference_id RHSA-2022:1345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1345
24
reference_url https://access.redhat.com/errata/RHSA-2022:2216
reference_id RHSA-2022:2216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2216
25
reference_url https://access.redhat.com/errata/RHSA-2022:2217
reference_id RHSA-2022:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2217
26
reference_url https://access.redhat.com/errata/RHSA-2022:2218
reference_id RHSA-2022:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2218
27
reference_url https://access.redhat.com/errata/RHSA-2022:4623
reference_id RHSA-2022:4623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4623
28
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
29
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
30
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
31
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
32
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
33
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
34
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
35
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
36
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
37
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
38
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
39
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
40
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
41
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
42
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
aliases CVE-2021-43797, GHSA-wx5j-54mm-rqqq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swu5-a9h5-ffex
6
url VCID-v45q-vzz5-4bgd
vulnerability_id VCID-v45q-vzz5-4bgd
summary wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0866
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50524
published_at 2026-04-01T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50581
published_at 2026-04-02T12:55:00Z
2
value 0.00272
scoring_system epss
scoring_elements 0.50608
published_at 2026-04-04T12:55:00Z
3
value 0.00272
scoring_system epss
scoring_elements 0.50561
published_at 2026-04-07T12:55:00Z
4
value 0.00272
scoring_system epss
scoring_elements 0.50615
published_at 2026-04-08T12:55:00Z
5
value 0.00272
scoring_system epss
scoring_elements 0.50612
published_at 2026-04-09T12:55:00Z
6
value 0.00272
scoring_system epss
scoring_elements 0.50655
published_at 2026-04-11T12:55:00Z
7
value 0.00272
scoring_system epss
scoring_elements 0.50632
published_at 2026-04-12T12:55:00Z
8
value 0.00272
scoring_system epss
scoring_elements 0.50618
published_at 2026-04-13T12:55:00Z
9
value 0.00272
scoring_system epss
scoring_elements 0.5066
published_at 2026-04-16T12:55:00Z
10
value 0.00272
scoring_system epss
scoring_elements 0.50665
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0866
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2060929
reference_id 2060929
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2060929
3
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
4
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
5
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
6
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
7
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
8
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
9
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
10
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
11
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
12
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
aliases CVE-2022-0866
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v45q-vzz5-4bgd
7
url VCID-v6ek-y7cn-kycd
vulnerability_id VCID-v6ek-y7cn-kycd
summary 
Uncontrolled Resource Consumption
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36518
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66631
published_at 2026-04-18T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.66613
published_at 2026-04-16T12:55:00Z
2
value 0.00514
scoring_system epss
scoring_elements 0.66577
published_at 2026-04-13T12:55:00Z
3
value 0.00514
scoring_system epss
scoring_elements 0.66609
published_at 2026-04-12T12:55:00Z
4
value 0.00514
scoring_system epss
scoring_elements 0.66621
published_at 2026-04-11T12:55:00Z
5
value 0.00514
scoring_system epss
scoring_elements 0.66603
published_at 2026-04-09T12:55:00Z
6
value 0.00514
scoring_system epss
scoring_elements 0.66589
published_at 2026-04-08T12:55:00Z
7
value 0.00514
scoring_system epss
scoring_elements 0.66541
published_at 2026-04-07T12:55:00Z
8
value 0.00514
scoring_system epss
scoring_elements 0.66569
published_at 2026-04-04T12:55:00Z
9
value 0.00514
scoring_system epss
scoring_elements 0.66544
published_at 2026-04-02T12:55:00Z
10
value 0.00514
scoring_system epss
scoring_elements 0.66505
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
7
reference_url https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de
8
reference_url https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b
9
reference_url https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd
10
reference_url https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126
11
reference_url https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
12
reference_url https://github.com/FasterXML/jackson-databind/issues/2816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://github.com/FasterXML/jackson-databind/issues/2816
13
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
14
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
15
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
16
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
17
reference_url https://security.netapp.com/advisory/ntap-20220506-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220506-0004
18
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.debian.org/security/2022/dsa-5283
19
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
reference_id 1007109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2064698
reference_id 2064698
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2064698
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36518
reference_id CVE-2020-36518
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36518
24
reference_url https://github.com/advisories/GHSA-57j2-w4cx-62h2
reference_id GHSA-57j2-w4cx-62h2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57j2-w4cx-62h2
25
reference_url https://security.netapp.com/advisory/ntap-20220506-0004/
reference_id ntap-20220506-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://security.netapp.com/advisory/ntap-20220506-0004/
26
reference_url https://access.redhat.com/errata/RHSA-2022:2232
reference_id RHSA-2022:2232
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2232
27
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
28
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
29
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
30
reference_url https://access.redhat.com/errata/RHSA-2022:5029
reference_id RHSA-2022:5029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5029
31
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
32
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
33
reference_url https://access.redhat.com/errata/RHSA-2022:5596
reference_id RHSA-2022:5596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5596
34
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
35
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
36
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
37
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
38
reference_url https://access.redhat.com/errata/RHSA-2022:6819
reference_id RHSA-2022:6819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6819
39
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
40
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
41
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
42
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
43
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
44
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
45
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
46
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
47
reference_url https://access.redhat.com/errata/RHSA-2023:2312
reference_id RHSA-2023:2312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2312
48
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
49
reference_url https://access.redhat.com/errata/RHSA-2024:3061
reference_id RHSA-2024:3061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3061
fixed_packages
aliases CVE-2020-36518, GHSA-57j2-w4cx-62h2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ek-y7cn-kycd
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1%3Farch=el7sso