Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
Typedeb
Namespacedebian
Nametrafficserver
Version9.2.5+ds-0+deb12u3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4738-xk8n-hbac
vulnerability_id VCID-4738-xk8n-hbac
summary Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38311
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.24039
published_at 2026-04-16T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.23867
published_at 2026-04-26T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.23881
published_at 2026-04-24T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.23825
published_at 2026-04-29T12:55:00Z
4
value 0.00082
scoring_system epss
scoring_elements 0.24026
published_at 2026-04-18T12:55:00Z
5
value 0.00082
scoring_system epss
scoring_elements 0.24008
published_at 2026-04-21T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.5085
published_at 2026-04-13T12:55:00Z
7
value 0.00745
scoring_system epss
scoring_elements 0.7305
published_at 2026-04-12T12:55:00Z
8
value 0.00745
scoring_system epss
scoring_elements 0.73
published_at 2026-04-02T12:55:00Z
9
value 0.00745
scoring_system epss
scoring_elements 0.7302
published_at 2026-04-04T12:55:00Z
10
value 0.00745
scoring_system epss
scoring_elements 0.72996
published_at 2026-04-07T12:55:00Z
11
value 0.00745
scoring_system epss
scoring_elements 0.73033
published_at 2026-04-08T12:55:00Z
12
value 0.00745
scoring_system epss
scoring_elements 0.73047
published_at 2026-04-09T12:55:00Z
13
value 0.00745
scoring_system epss
scoring_elements 0.73071
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38311
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38311
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38311
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
reference_id 1099691
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
3
reference_url https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
reference_id btofzws2yqskk2n7f01r3l1819x01023
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:35:26Z/
url https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-38311
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4738-xk8n-hbac
1
url VCID-4hs3-be7k-9qe7
vulnerability_id VCID-4hs3-be7k-9qe7
summary 
Apache Traffic Server allows request smuggling if chunked messages are malformed. 

This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.

Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65114
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08219
published_at 2026-04-04T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37207
published_at 2026-04-07T12:55:00Z
2
value 0.0021
scoring_system epss
scoring_elements 0.4329
published_at 2026-04-26T12:55:00Z
3
value 0.0021
scoring_system epss
scoring_elements 0.43358
published_at 2026-04-21T12:55:00Z
4
value 0.0021
scoring_system epss
scoring_elements 0.43288
published_at 2026-04-24T12:55:00Z
5
value 0.0021
scoring_system epss
scoring_elements 0.43424
published_at 2026-04-18T12:55:00Z
6
value 0.0021
scoring_system epss
scoring_elements 0.43212
published_at 2026-04-29T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.43984
published_at 2026-04-12T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.43999
published_at 2026-04-08T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.44002
published_at 2026-04-09T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44017
published_at 2026-04-11T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.43969
published_at 2026-04-13T12:55:00Z
12
value 0.00215
scoring_system epss
scoring_elements 0.44031
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65114
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65114
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132717
reference_id 1132717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132717
3
reference_url https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q
reference_id 2s11roxlv1j8ph6q52rqo1klvl01n14q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:09:43Z/
url https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2025-65114
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hs3-be7k-9qe7
2
url VCID-4uhe-mtbx-nfdu
vulnerability_id VCID-4uhe-mtbx-nfdu
summary Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56195
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.1771
published_at 2026-04-29T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.17746
published_at 2026-04-26T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.17768
published_at 2026-04-24T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.21969
published_at 2026-04-16T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.21964
published_at 2026-04-18T12:55:00Z
5
value 0.00074
scoring_system epss
scoring_elements 0.22397
published_at 2026-04-21T12:55:00Z
6
value 0.00178
scoring_system epss
scoring_elements 0.39335
published_at 2026-04-13T12:55:00Z
7
value 0.00645
scoring_system epss
scoring_elements 0.70696
published_at 2026-04-12T12:55:00Z
8
value 0.00645
scoring_system epss
scoring_elements 0.70632
published_at 2026-04-02T12:55:00Z
9
value 0.00645
scoring_system epss
scoring_elements 0.70651
published_at 2026-04-04T12:55:00Z
10
value 0.00645
scoring_system epss
scoring_elements 0.70628
published_at 2026-04-07T12:55:00Z
11
value 0.00645
scoring_system epss
scoring_elements 0.70674
published_at 2026-04-08T12:55:00Z
12
value 0.00645
scoring_system epss
scoring_elements 0.7069
published_at 2026-04-09T12:55:00Z
13
value 0.00645
scoring_system epss
scoring_elements 0.70712
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56195
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56195
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
reference_id 1099691
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
3
reference_url https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
reference_id btofzws2yqskk2n7f01r3l1819x01023
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:36:13Z/
url https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-56195
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4uhe-mtbx-nfdu
3
url VCID-5e1r-3jec-tkhp
vulnerability_id VCID-5e1r-3jec-tkhp
summary trafficserver: Traffic Server ESI Inclusion Depth Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49763.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49763.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49763
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.69415
published_at 2026-04-04T12:55:00Z
1
value 0.006
scoring_system epss
scoring_elements 0.69399
published_at 2026-04-02T12:55:00Z
2
value 0.00624
scoring_system epss
scoring_elements 0.7018
published_at 2026-04-11T12:55:00Z
3
value 0.00624
scoring_system epss
scoring_elements 0.70094
published_at 2026-04-07T12:55:00Z
4
value 0.00624
scoring_system epss
scoring_elements 0.7014
published_at 2026-04-08T12:55:00Z
5
value 0.00624
scoring_system epss
scoring_elements 0.70156
published_at 2026-04-09T12:55:00Z
6
value 0.00624
scoring_system epss
scoring_elements 0.70165
published_at 2026-04-12T12:55:00Z
7
value 0.00624
scoring_system epss
scoring_elements 0.70153
published_at 2026-04-13T12:55:00Z
8
value 0.0212
scoring_system epss
scoring_elements 0.8416
published_at 2026-04-16T12:55:00Z
9
value 0.03368
scoring_system epss
scoring_elements 0.87399
published_at 2026-04-29T12:55:00Z
10
value 0.03368
scoring_system epss
scoring_elements 0.87398
published_at 2026-04-26T12:55:00Z
11
value 0.03368
scoring_system epss
scoring_elements 0.87375
published_at 2026-04-21T12:55:00Z
12
value 0.03368
scoring_system epss
scoring_elements 0.87391
published_at 2026-04-24T12:55:00Z
13
value 0.03368
scoring_system epss
scoring_elements 0.8738
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49763
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49763
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108044
reference_id 1108044
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108044
4
reference_url https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8
reference_id 15t32nxbypqg1m2smp640vjx89o6v5f8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-20T13:56:03Z/
url https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373845
reference_id 2373845
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373845
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2025-49763
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5e1r-3jec-tkhp
4
url VCID-c62p-6ghw-j3dv
vulnerability_id VCID-c62p-6ghw-j3dv
summary Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50305
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.54808
published_at 2026-04-29T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.54812
published_at 2026-04-24T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.54832
published_at 2026-04-26T12:55:00Z
3
value 0.00318
scoring_system epss
scoring_elements 0.54804
published_at 2026-04-02T12:55:00Z
4
value 0.00318
scoring_system epss
scoring_elements 0.54827
published_at 2026-04-04T12:55:00Z
5
value 0.00318
scoring_system epss
scoring_elements 0.54796
published_at 2026-04-07T12:55:00Z
6
value 0.00318
scoring_system epss
scoring_elements 0.54847
published_at 2026-04-08T12:55:00Z
7
value 0.00318
scoring_system epss
scoring_elements 0.54844
published_at 2026-04-09T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54856
published_at 2026-04-18T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54838
published_at 2026-04-12T12:55:00Z
10
value 0.00318
scoring_system epss
scoring_elements 0.54816
published_at 2026-04-13T12:55:00Z
11
value 0.00318
scoring_system epss
scoring_elements 0.54854
published_at 2026-04-16T12:55:00Z
12
value 0.00318
scoring_system epss
scoring_elements 0.54837
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50305
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50305
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50305
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087531
reference_id 1087531
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087531
3
reference_url https://usn.ubuntu.com/8050-1/
reference_id USN-8050-1
reference_type
scores
url https://usn.ubuntu.com/8050-1/
4
reference_url https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
reference_id y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:12:16Z/
url https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-50305
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c62p-6ghw-j3dv
5
url VCID-eay7-63um-43e9
vulnerability_id VCID-eay7-63um-43e9
summary Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53868
reference_id
reference_type
scores
0
value 0.01774
scoring_system epss
scoring_elements 0.82748
published_at 2026-04-29T12:55:00Z
1
value 0.01774
scoring_system epss
scoring_elements 0.82732
published_at 2026-04-24T12:55:00Z
2
value 0.01774
scoring_system epss
scoring_elements 0.82742
published_at 2026-04-26T12:55:00Z
3
value 0.01774
scoring_system epss
scoring_elements 0.82618
published_at 2026-04-02T12:55:00Z
4
value 0.01774
scoring_system epss
scoring_elements 0.82632
published_at 2026-04-04T12:55:00Z
5
value 0.01774
scoring_system epss
scoring_elements 0.82628
published_at 2026-04-07T12:55:00Z
6
value 0.01774
scoring_system epss
scoring_elements 0.82654
published_at 2026-04-08T12:55:00Z
7
value 0.01774
scoring_system epss
scoring_elements 0.82662
published_at 2026-04-09T12:55:00Z
8
value 0.01774
scoring_system epss
scoring_elements 0.82679
published_at 2026-04-11T12:55:00Z
9
value 0.01774
scoring_system epss
scoring_elements 0.82673
published_at 2026-04-12T12:55:00Z
10
value 0.01774
scoring_system epss
scoring_elements 0.82669
published_at 2026-04-13T12:55:00Z
11
value 0.01774
scoring_system epss
scoring_elements 0.82706
published_at 2026-04-16T12:55:00Z
12
value 0.01774
scoring_system epss
scoring_elements 0.82707
published_at 2026-04-18T12:55:00Z
13
value 0.01774
scoring_system epss
scoring_elements 0.8271
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53868
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53868
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53868
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101996
reference_id 1101996
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101996
3
reference_url https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
reference_id rwyx91rsrnmpjbm04footfjjf6m9d1c9
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-18T14:37:32Z/
url https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-53868
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eay7-63um-43e9
6
url VCID-esap-nkps-cfg9
vulnerability_id VCID-esap-nkps-cfg9
summary Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35296
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31025
published_at 2026-04-29T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31228
published_at 2026-04-24T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31104
published_at 2026-04-26T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31553
published_at 2026-04-02T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31595
published_at 2026-04-04T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31411
published_at 2026-04-07T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31464
published_at 2026-04-08T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31494
published_at 2026-04-09T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31499
published_at 2026-04-11T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31457
published_at 2026-04-12T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31419
published_at 2026-04-13T12:55:00Z
11
value 0.00123
scoring_system epss
scoring_elements 0.31453
published_at 2026-04-16T12:55:00Z
12
value 0.00123
scoring_system epss
scoring_elements 0.31432
published_at 2026-04-18T12:55:00Z
13
value 0.00123
scoring_system epss
scoring_elements 0.31401
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35296
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35296
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35296
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
reference_id 1077141
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
3
reference_url https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
reference_id c4mcmpblgl8kkmyt56t23543gp8v56m0
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T14:01:18Z/
url https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-35296
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esap-nkps-cfg9
7
url VCID-jabw-thzt-63bb
vulnerability_id VCID-jabw-thzt-63bb
summary Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50306
reference_id
reference_type
scores
0
value 0.0082
scoring_system epss
scoring_elements 0.74462
published_at 2026-04-29T12:55:00Z
1
value 0.0082
scoring_system epss
scoring_elements 0.74456
published_at 2026-04-24T12:55:00Z
2
value 0.0082
scoring_system epss
scoring_elements 0.74464
published_at 2026-04-26T12:55:00Z
3
value 0.0082
scoring_system epss
scoring_elements 0.74345
published_at 2026-04-02T12:55:00Z
4
value 0.0082
scoring_system epss
scoring_elements 0.74372
published_at 2026-04-04T12:55:00Z
5
value 0.0082
scoring_system epss
scoring_elements 0.74346
published_at 2026-04-07T12:55:00Z
6
value 0.0082
scoring_system epss
scoring_elements 0.74379
published_at 2026-04-08T12:55:00Z
7
value 0.0082
scoring_system epss
scoring_elements 0.74394
published_at 2026-04-09T12:55:00Z
8
value 0.0082
scoring_system epss
scoring_elements 0.74415
published_at 2026-04-11T12:55:00Z
9
value 0.0082
scoring_system epss
scoring_elements 0.74395
published_at 2026-04-12T12:55:00Z
10
value 0.0082
scoring_system epss
scoring_elements 0.74387
published_at 2026-04-13T12:55:00Z
11
value 0.0082
scoring_system epss
scoring_elements 0.74424
published_at 2026-04-16T12:55:00Z
12
value 0.0082
scoring_system epss
scoring_elements 0.74433
published_at 2026-04-18T12:55:00Z
13
value 0.0082
scoring_system epss
scoring_elements 0.74422
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50306
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50306
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50306
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087531
reference_id 1087531
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087531
3
reference_url https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
reference_id y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:07:42Z/
url https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-50306
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jabw-thzt-63bb
8
url VCID-jb1b-9gr2-suez
vulnerability_id VCID-jb1b-9gr2-suez
summary Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35161
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44089
published_at 2026-04-02T12:55:00Z
1
value 0.00338
scoring_system epss
scoring_elements 0.56591
published_at 2026-04-29T12:55:00Z
2
value 0.00338
scoring_system epss
scoring_elements 0.5659
published_at 2026-04-24T12:55:00Z
3
value 0.00338
scoring_system epss
scoring_elements 0.56608
published_at 2026-04-26T12:55:00Z
4
value 0.00338
scoring_system epss
scoring_elements 0.56654
published_at 2026-04-04T12:55:00Z
5
value 0.00338
scoring_system epss
scoring_elements 0.56633
published_at 2026-04-07T12:55:00Z
6
value 0.00338
scoring_system epss
scoring_elements 0.56684
published_at 2026-04-08T12:55:00Z
7
value 0.00338
scoring_system epss
scoring_elements 0.56689
published_at 2026-04-09T12:55:00Z
8
value 0.00338
scoring_system epss
scoring_elements 0.56697
published_at 2026-04-11T12:55:00Z
9
value 0.00338
scoring_system epss
scoring_elements 0.56672
published_at 2026-04-12T12:55:00Z
10
value 0.00338
scoring_system epss
scoring_elements 0.56651
published_at 2026-04-13T12:55:00Z
11
value 0.00338
scoring_system epss
scoring_elements 0.56682
published_at 2026-04-16T12:55:00Z
12
value 0.00338
scoring_system epss
scoring_elements 0.56681
published_at 2026-04-18T12:55:00Z
13
value 0.00338
scoring_system epss
scoring_elements 0.56653
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35161
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35161
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
reference_id 1077141
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
3
reference_url https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
reference_id c4mcmpblgl8kkmyt56t23543gp8v56m0
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-31T17:38:35Z/
url https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-35161
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jb1b-9gr2-suez
9
url VCID-kjah-am9e-xkev
vulnerability_id VCID-kjah-am9e-xkev
summary Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56202
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34493
published_at 2026-04-16T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34047
published_at 2026-04-26T12:55:00Z
2
value 0.00142
scoring_system epss
scoring_elements 0.34066
published_at 2026-04-24T12:55:00Z
3
value 0.00142
scoring_system epss
scoring_elements 0.33961
published_at 2026-04-29T12:55:00Z
4
value 0.00142
scoring_system epss
scoring_elements 0.34478
published_at 2026-04-18T12:55:00Z
5
value 0.00142
scoring_system epss
scoring_elements 0.34438
published_at 2026-04-21T12:55:00Z
6
value 0.00168
scoring_system epss
scoring_elements 0.37948
published_at 2026-04-13T12:55:00Z
7
value 0.00314
scoring_system epss
scoring_elements 0.54589
published_at 2026-04-12T12:55:00Z
8
value 0.00314
scoring_system epss
scoring_elements 0.54556
published_at 2026-04-02T12:55:00Z
9
value 0.00314
scoring_system epss
scoring_elements 0.5458
published_at 2026-04-04T12:55:00Z
10
value 0.00314
scoring_system epss
scoring_elements 0.54549
published_at 2026-04-07T12:55:00Z
11
value 0.00314
scoring_system epss
scoring_elements 0.546
published_at 2026-04-08T12:55:00Z
12
value 0.00314
scoring_system epss
scoring_elements 0.54595
published_at 2026-04-09T12:55:00Z
13
value 0.00314
scoring_system epss
scoring_elements 0.54607
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56202
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56202
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56202
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
reference_id 1099691
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
3
reference_url https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
reference_id btofzws2yqskk2n7f01r3l1819x01023
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:38:08Z/
url https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-56202
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjah-am9e-xkev
10
url VCID-rcdg-j23x-xfbn
vulnerability_id VCID-rcdg-j23x-xfbn
summary Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38479
reference_id
reference_type
scores
0
value 0.00574
scoring_system epss
scoring_elements 0.68816
published_at 2026-04-29T12:55:00Z
1
value 0.00574
scoring_system epss
scoring_elements 0.68804
published_at 2026-04-24T12:55:00Z
2
value 0.00574
scoring_system epss
scoring_elements 0.6881
published_at 2026-04-26T12:55:00Z
3
value 0.00574
scoring_system epss
scoring_elements 0.6868
published_at 2026-04-02T12:55:00Z
4
value 0.00574
scoring_system epss
scoring_elements 0.687
published_at 2026-04-04T12:55:00Z
5
value 0.00574
scoring_system epss
scoring_elements 0.68677
published_at 2026-04-07T12:55:00Z
6
value 0.00574
scoring_system epss
scoring_elements 0.68728
published_at 2026-04-08T12:55:00Z
7
value 0.00574
scoring_system epss
scoring_elements 0.68746
published_at 2026-04-09T12:55:00Z
8
value 0.00574
scoring_system epss
scoring_elements 0.68769
published_at 2026-04-11T12:55:00Z
9
value 0.00574
scoring_system epss
scoring_elements 0.68755
published_at 2026-04-12T12:55:00Z
10
value 0.00574
scoring_system epss
scoring_elements 0.68726
published_at 2026-04-13T12:55:00Z
11
value 0.00574
scoring_system epss
scoring_elements 0.68767
published_at 2026-04-16T12:55:00Z
12
value 0.00574
scoring_system epss
scoring_elements 0.68778
published_at 2026-04-18T12:55:00Z
13
value 0.00574
scoring_system epss
scoring_elements 0.68756
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38479
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38479
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087531
reference_id 1087531
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087531
3
reference_url https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
reference_id y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T18:51:08Z/
url https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2024-38479
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcdg-j23x-xfbn
11
url VCID-rw58-bnwt-2bam
vulnerability_id VCID-rw58-bnwt-2bam
summary Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38522
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58478
published_at 2026-04-26T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.58465
published_at 2026-04-29T12:55:00Z
2
value 0.00364
scoring_system epss
scoring_elements 0.58458
published_at 2026-04-02T12:55:00Z
3
value 0.00364
scoring_system epss
scoring_elements 0.58477
published_at 2026-04-04T12:55:00Z
4
value 0.00364
scoring_system epss
scoring_elements 0.58448
published_at 2026-04-07T12:55:00Z
5
value 0.00364
scoring_system epss
scoring_elements 0.58501
published_at 2026-04-08T12:55:00Z
6
value 0.00364
scoring_system epss
scoring_elements 0.58507
published_at 2026-04-09T12:55:00Z
7
value 0.00364
scoring_system epss
scoring_elements 0.58524
published_at 2026-04-11T12:55:00Z
8
value 0.00364
scoring_system epss
scoring_elements 0.58504
published_at 2026-04-12T12:55:00Z
9
value 0.00364
scoring_system epss
scoring_elements 0.58485
published_at 2026-04-13T12:55:00Z
10
value 0.00364
scoring_system epss
scoring_elements 0.58517
published_at 2026-04-16T12:55:00Z
11
value 0.00364
scoring_system epss
scoring_elements 0.58521
published_at 2026-04-18T12:55:00Z
12
value 0.00364
scoring_system epss
scoring_elements 0.585
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38522
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38522
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
reference_id 1077141
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
3
reference_url https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
reference_id c4mcmpblgl8kkmyt56t23543gp8v56m0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T13:37:29Z/
url https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2023-38522
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rw58-bnwt-2bam
12
url VCID-tevw-8dcp-yfh6
vulnerability_id VCID-tevw-8dcp-yfh6
summary trafficserver: Apache Traffic Server PROXY Protocol ACL Bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31698.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31698.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31698
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43155
published_at 2026-04-04T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43128
published_at 2026-04-02T12:55:00Z
2
value 0.00216
scoring_system epss
scoring_elements 0.44157
published_at 2026-04-11T12:55:00Z
3
value 0.00216
scoring_system epss
scoring_elements 0.44088
published_at 2026-04-07T12:55:00Z
4
value 0.00216
scoring_system epss
scoring_elements 0.44139
published_at 2026-04-08T12:55:00Z
5
value 0.00216
scoring_system epss
scoring_elements 0.44141
published_at 2026-04-09T12:55:00Z
6
value 0.00216
scoring_system epss
scoring_elements 0.44124
published_at 2026-04-13T12:55:00Z
7
value 0.00743
scoring_system epss
scoring_elements 0.73056
published_at 2026-04-16T12:55:00Z
8
value 0.00753
scoring_system epss
scoring_elements 0.73271
published_at 2026-04-24T12:55:00Z
9
value 0.00753
scoring_system epss
scoring_elements 0.73282
published_at 2026-04-29T12:55:00Z
10
value 0.00753
scoring_system epss
scoring_elements 0.73243
published_at 2026-04-18T12:55:00Z
11
value 0.00753
scoring_system epss
scoring_elements 0.73284
published_at 2026-04-26T12:55:00Z
12
value 0.00753
scoring_system epss
scoring_elements 0.73237
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31698
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31698
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31698
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108044
reference_id 1108044
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108044
4
reference_url https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8
reference_id 15t32nxbypqg1m2smp640vjx89o6v5f8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-20T13:31:33Z/
url https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373846
reference_id 2373846
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373846
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2025-31698
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tevw-8dcp-yfh6
13
url VCID-ww3t-p3pq-gkhy
vulnerability_id VCID-ww3t-p3pq-gkhy
summary A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58136
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12268
published_at 2026-04-04T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.4001
published_at 2026-04-07T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.47341
published_at 2026-04-08T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.47338
published_at 2026-04-09T12:55:00Z
4
value 0.00241
scoring_system epss
scoring_elements 0.47362
published_at 2026-04-11T12:55:00Z
5
value 0.00241
scoring_system epss
scoring_elements 0.47336
published_at 2026-04-12T12:55:00Z
6
value 0.00241
scoring_system epss
scoring_elements 0.47343
published_at 2026-04-13T12:55:00Z
7
value 0.00241
scoring_system epss
scoring_elements 0.47402
published_at 2026-04-16T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52693
published_at 2026-04-18T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52677
published_at 2026-04-21T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52628
published_at 2026-04-24T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52638
published_at 2026-04-26T12:55:00Z
12
value 0.00293
scoring_system epss
scoring_elements 0.52601
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58136
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58136
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132717
reference_id 1132717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132717
fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
aliases CVE-2025-58136
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww3t-p3pq-gkhy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3