Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/99564?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/99564?format=api", "purl": "pkg:rpm/redhat/log4j-eap6@1.2.17-3.redhat_00008.1.ep6?arch=el6", "type": "rpm", "namespace": "redhat", "name": "log4j-eap6", "version": "1.2.17-3.redhat_00008.1.ep6", "qualifiers": { "arch": "el6" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12311?format=api", "vulnerability_id": "VCID-1vfk-arae-ubha", "summary": "Deserialization of Untrusted Data in Log4j 1.x\nJMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.7078", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70817", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.7081", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70718", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70713", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70758", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70796", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73859", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.7385", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j1" }, { "reference_url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w" }, { "reference_url": "https://logging.apache.org/log4j/1.2/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/1.2/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482", "reference_id": "1004482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949", "reference_id": "2041949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "reference_id": "CVE-2022-23302", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability", "reference_id": "CVE-2022-23302-DETECT-LOG4J-1217-VULNERABILITY", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability", "reference_id": "CVE-2022-23302-MITIGATE-LOG4J-1217-VULNERABILITY", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-w9p3-5cr8-m3jj", "reference_id": "GHSA-w9p3-5cr8-m3jj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9p3-5cr8-m3jj" }, { "reference_url": "https://security.gentoo.org/glsa/202402-16", "reference_id": "GLSA-202402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0439", "reference_id": "RHSA-2022:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0442", "reference_id": "RHSA-2022:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5998-1/", "reference_id": "USN-5998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5998-1/" }, { "reference_url": "https://usn.ubuntu.com/7590-1/", "reference_id": "USN-7590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7590-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23302", "GHSA-w9p3-5cr8-m3jj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfk-arae-ubha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11784?format=api", "vulnerability_id": "VCID-698m-2hju-2qcv", "summary": "Deserialization of Untrusted Data\nJMSAppender in Log4j is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide `TopicBindingName` and `TopicConnectionFactoryBindingName` configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j when specifically configured to use JMSAppender, which is not the default. Apache Log4j reached end of life in August Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98653", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98651", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98643", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98641", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98639", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98644", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.72202", "scoring_system": "epss", "scoring_elements": "0.98761", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.72202", "scoring_system": "epss", "scoring_elements": "0.98762", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033" }, { "reference_url": "https://security.gentoo.org/glsa/202209-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202209-02" }, { "reference_url": "https://security.gentoo.org/glsa/202310-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202310-16" }, { "reference_url": "https://security.gentoo.org/glsa/202312-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202312-04" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211223-0007/" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2021-44228", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "reference_url": "https://www.kb.cert.org/vuls/id/930724", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", "reference_id": "2031667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-4104", "reference_id": "CVE-2021-4104", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "reference_id": "CVE-2021-4104", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "reference_url": "https://github.com/advisories/GHSA-fp5r-v3w9-4333", "reference_id": "GHSA-fp5r-v3w9-4333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fp5r-v3w9-4333" }, { "reference_url": "https://security.gentoo.org/glsa/202312-02", "reference_id": "GLSA-202312-02", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202312-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5107", "reference_id": "RHSA-2021:5107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5141", "reference_id": "RHSA-2021:5141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5148", "reference_id": "RHSA-2021:5148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5183", "reference_id": "RHSA-2021:5183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5184", "reference_id": "RHSA-2021:5184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5186", "reference_id": "RHSA-2021:5186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5206", "reference_id": "RHSA-2021:5206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5269", "reference_id": "RHSA-2021:5269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5223-1/", "reference_id": "USN-5223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5223-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5223-2/", "reference_id": "USN-USN-5223-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5223-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-4104", "GHSA-fp5r-v3w9-4333" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-698m-2hju-2qcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12203?format=api", "vulnerability_id": "VCID-9k99-jzq8-fyge", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nBy design, the JDBCAppender in Log4j accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j when specifically configured to use the JDBCAppender, which is not the default. Beginning, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j reached end of life in August Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92074", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92045", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.9205", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92069", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92077", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09452", "scoring_system": "epss", "scoring_elements": "0.92832", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.1156", "scoring_system": "epss", "scoring_elements": "0.93668", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23305" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j1" }, { "reference_url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y" }, { "reference_url": "https://logging.apache.org/log4j/1.2/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/1.2/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220217-0007/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/18/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482", "reference_id": "1004482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", "reference_id": "2041959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "reference_id": "CVE-2022-23305", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "reference_url": "https://github.com/advisories/GHSA-65fg-84f6-3jq3", "reference_id": "GHSA-65fg-84f6-3jq3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65fg-84f6-3jq3" }, { "reference_url": "https://security.gentoo.org/glsa/202402-16", "reference_id": "GLSA-202402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0439", "reference_id": "RHSA-2022:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0442", "reference_id": "RHSA-2022:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5998-1/", "reference_id": "USN-5998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5998-1/" }, { "reference_url": "https://usn.ubuntu.com/7590-1/", "reference_id": "USN-7590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7590-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23305", "GHSA-65fg-84f6-3jq3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9k99-jzq8-fyge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12208?format=api", "vulnerability_id": "VCID-bbq3-tx7c-yucn", "summary": "This advisory has been marked as False Positive and removed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84292", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84288", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84287", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84268", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84227", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02603", "scoring_system": "epss", "scoring_elements": "0.85672", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02603", "scoring_system": "epss", "scoring_elements": "0.85661", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh" }, { "reference_url": "https://logging.apache.org/log4j/1.2/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/1.2/index.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482", "reference_id": "1004482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", "reference_id": "2041967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "reference_id": "CVE-2022-23307", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "reference_url": "https://github.com/advisories/GHSA-f7vh-qwp3-x37m", "reference_id": "GHSA-f7vh-qwp3-x37m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7vh-qwp3-x37m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0439", "reference_id": "RHSA-2022:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0442", "reference_id": "RHSA-2022:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5998-1/", "reference_id": "USN-5998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5998-1/" }, { "reference_url": "https://usn.ubuntu.com/7590-1/", "reference_id": "USN-7590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7590-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23307", "GHSA-f7vh-qwp3-x37m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbq3-tx7c-yucn" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/log4j-eap6@1.2.17-3.redhat_00008.1.ep6%3Farch=el6" }