Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/25236?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25236?format=api", "vulnerability_id": "VCID-qatc-a78d-8ufh", "summary": "quic-go: Panic occurs when queuing undecryptable packets after handshake completion\n## Summary\n\nA misbehaving or malicious server can trigger an assertion in a quic-go client (and crash the process) by sending a premature HANDSHAKE_DONE frame during the handshake.\n\n## Impact\n\nA misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. Observed in the wild with certain server implementations (e.g. Solana's Firedancer QUIC).\n\n## Affected Versions\n\n- All versions prior to v0.49.1 (for the 0.49 branch)\n- Versions v0.50.0 to v0.54.0 (inclusive)\n- Fixed in v0.49.1, v0.54.1, and v0.55.0 onward\n\nUsers are recommended to upgrade to the latest patched version in their respective maintenance branch or to v0.55.0 or later.\n\n## Details\n\nFor a regular 1-RTT handshake, QUIC uses three sets of keys to encrypt / decrypt QUIC packets:\n\n- Initial keys (derived from a static key and the connection ID)\n- Handshake keys (derived from the client's and server's key shares in the TLS handshake)\n- 1-RTT keys (derived when the TLS handshake finishes)\n\nOn the client side, Initial keys are discarded when the first Handshake packet is sent. Handshake keys are discarded when the server's HANDSHAKE_DONE frame is received, as specified in section 4.9.2 of RFC 9001. Crucially, Initial keys are always dropped before Handshake keys in a standard handshake.\n\nDue to packet reordering, it is possible to receive a packet with a higher encryption level before the key for that encryption level has been derived. For example, the server's Handshake packets (containing, among others, the TLS certificate) might arrive before the server's Initial packet (which contains the TLS ServerHello). In that case, the client queues the Handshake packets and decrypts them as soon as it has processed the ServerHello and derived Handshake keys.\n\nAfter completion of the handshake, Initial and Handshake packets are not needed anymore and will be dropped. quic-go implements an [assertion](https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685) that no packets are queued after completion of the handshake.\n\nA misbehaving or malicious server can trigger this assertion, and thereby cause a panic, by sending a HANDSHAKE_DONE frame before actually completing the handshake. In that case, Handshake keys would be dropped before Initial keys.\n\nThis can only happen if the server implementation is misbehaving: the server can only complete the handshake after receiving the client's TLS Finished message (which is sent in Handshake packets).\n\n## The Fix\n\nquic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. We now discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames. The fix was implemented in https://github.com/quic-go/quic-go/pull/5354.", "aliases": [ { "alias": "CVE-2025-59530" }, { "alias": "GHSA-47m2-4cr7-mhcw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994851?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/924035?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.54.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.54.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994853?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.55.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.55.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/924029?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/68422?format=api", "purl": "pkg:golang/github.com/quic-go/quic-go@0.49.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.49.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68423?format=api", "purl": "pkg:golang/github.com/quic-go/quic-go@0.54.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.54.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924028?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18gf-znwv-aubu" }, { "vulnerability": "VCID-3vjt-1se3-rbhc" }, { "vulnerability": "VCID-apqf-t7ew-5fgw" }, { "vulnerability": "VCID-qatc-a78d-8ufh" }, { "vulnerability": "VCID-tw5q-cn78-vyda" }, { "vulnerability": "VCID-u6kw-zxc9-q7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994849?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18gf-znwv-aubu" }, { "vulnerability": "VCID-3vjt-1se3-rbhc" }, { "vulnerability": "VCID-apqf-t7ew-5fgw" }, { "vulnerability": "VCID-qatc-a78d-8ufh" }, { "vulnerability": "VCID-tw5q-cn78-vyda" }, { "vulnerability": "VCID-u6kw-zxc9-q7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994850?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18gf-znwv-aubu" }, { "vulnerability": "VCID-3vjt-1se3-rbhc" }, { "vulnerability": "VCID-apqf-t7ew-5fgw" }, { "vulnerability": "VCID-qatc-a78d-8ufh" }, { "vulnerability": "VCID-tw5q-cn78-vyda" }, { "vulnerability": "VCID-u6kw-zxc9-q7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/924026?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18gf-znwv-aubu" }, { "vulnerability": "VCID-3vjt-1se3-rbhc" }, { "vulnerability": "VCID-apqf-t7ew-5fgw" }, { "vulnerability": "VCID-qatc-a78d-8ufh" }, { "vulnerability": "VCID-tw5q-cn78-vyda" }, { "vulnerability": "VCID-u6kw-zxc9-q7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994852?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-apqf-t7ew-5fgw" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/924030?format=api", "purl": "pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-apqf-t7ew-5fgw" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88168?format=api", "purl": "pkg:rpm/redhat/ansible-builder@3.1.1-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-builder@3.1.1-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88205?format=api", "purl": "pkg:rpm/redhat/ansible-builder@3.1.1-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-builder@3.1.1-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88193?format=api", "purl": "pkg:rpm/redhat/ansible-creator@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-creator@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88159?format=api", "purl": "pkg:rpm/redhat/ansible-creator@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-creator@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88162?format=api", "purl": "pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88189?format=api", "purl": "pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88204?format=api", "purl": "pkg:rpm/redhat/ansible-dev-tools@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-tools@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88169?format=api", "purl": "pkg:rpm/redhat/ansible-dev-tools@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-tools@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88171?format=api", "purl": "pkg:rpm/redhat/ansible-lint@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-lint@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88207?format=api", "purl": "pkg:rpm/redhat/ansible-lint@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-lint@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88179?format=api", "purl": "pkg:rpm/redhat/ansible-navigator@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-navigator@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88214?format=api", "purl": "pkg:rpm/redhat/ansible-navigator@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-navigator@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88180?format=api", "purl": "pkg:rpm/redhat/ansible-sign@0.1.4-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-sign@0.1.4-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88215?format=api", "purl": "pkg:rpm/redhat/ansible-sign@0.1.4-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-sign@0.1.4-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88174?format=api", "purl": "pkg:rpm/redhat/automation-hub@4.10.10-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-hub@4.10.10-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88208?format=api", "purl": "pkg:rpm/redhat/automation-hub@4.10.10-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-hub@4.10.10-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88182?format=api", "purl": "pkg:rpm/redhat/bindep@2.13.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bindep@2.13.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88217?format=api", "purl": "pkg:rpm/redhat/bindep@2.13.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bindep@2.13.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88157?format=api", "purl": "pkg:rpm/redhat/molecule@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/molecule@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88192?format=api", "purl": "pkg:rpm/redhat/molecule@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/molecule@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88153?format=api", "purl": "pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88188?format=api", "purl": "pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88152?format=api", "purl": "pkg:rpm/redhat/python3.11-distlib@0.4.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-distlib@0.4.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88181?format=api", "purl": "pkg:rpm/redhat/python3.11-distlib@0.4.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-distlib@0.4.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88173?format=api", "purl": "pkg:rpm/redhat/python3.11-django@4.2.26-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-django@4.2.26-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88209?format=api", "purl": "pkg:rpm/redhat/python3.11-django@4.2.26-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-django@4.2.26-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88187?format=api", "purl": "pkg:rpm/redhat/python3.11-execnet@2.1.2-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-execnet@2.1.2-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88154?format=api", "purl": "pkg:rpm/redhat/python3.11-execnet@2.1.2-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-execnet@2.1.2-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88170?format=api", "purl": "pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88211?format=api", "purl": "pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88155?format=api", "purl": "pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88190?format=api", "purl": "pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88160?format=api", "purl": "pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88196?format=api", "purl": "pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88203?format=api", "purl": "pkg:rpm/redhat/python3.11-pluggy@1.6.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pluggy@1.6.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88178?format=api", "purl": "pkg:rpm/redhat/python3.11-pluggy@1.6.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pluggy@1.6.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88163?format=api", "purl": "pkg:rpm/redhat/python3.11-pytest@9.0.1-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest@9.0.1-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88201?format=api", "purl": "pkg:rpm/redhat/python3.11-pytest@9.0.1-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest@9.0.1-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88177?format=api", "purl": "pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88212?format=api", "purl": "pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88206?format=api", "purl": "pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88191?format=api", "purl": "pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88151?format=api", "purl": "pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88185?format=api", "purl": "pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88197?format=api", "purl": "pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88164?format=api", "purl": "pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88167?format=api", "purl": "pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88202?format=api", "purl": "pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88166?format=api", "purl": "pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88199?format=api", "purl": "pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ahj-2e48-k3bq" }, { "vulnerability": "VCID-6wx7-16zc-8qck" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-aq84-8cnz-byax" }, { "vulnerability": "VCID-pvw1-t3hh-nyep" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88198?format=api", "purl": "pkg:rpm/redhat/receptor@1.6.2-1?arch=el8ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-1%3Farch=el8ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88175?format=api", "purl": "pkg:rpm/redhat/receptor@1.6.2-1?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-1%3Farch=el9ap" }, { "url": "http://public2.vulnerablecode.io/api/packages/88507?format=api", "purl": "pkg:rpm/redhat/receptor@1.6.2-2?arch=el9ap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qatc-a78d-8ufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-2%3Farch=el9ap" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10153", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10306", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10326", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10367", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10304", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10239", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59530" }, { "reference_url": "https://github.com/quic-go/quic-go", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/quic-go/quic-go" }, { "reference_url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/" } ], "url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685" }, { "reference_url": "https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c" }, { "reference_url": "https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42" }, { "reference_url": "https://github.com/quic-go/quic-go/pull/5354", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/" } ], "url": "https://github.com/quic-go/quic-go/pull/5354" }, { "reference_url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/" } ], "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4017", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403125", "reference_id": "2403125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21706", "reference_id": "RHSA-2025:21706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21768", "reference_id": "RHSA-2025:21768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21775", "reference_id": "RHSA-2025:21775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21892", "reference_id": "RHSA-2025:21892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22784", "reference_id": "RHSA-2025:22784", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23069", "reference_id": "RHSA-2025:23069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23131", "reference_id": "RHSA-2025:23131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23131" } ], "weaknesses": [ { "cwe_id": 617, "name": "Reachable Assertion", "description": "The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary." }, { "cwe_id": 755, "name": "Improper Handling of Exceptional Conditions", "description": "The product does not handle or incorrectly handles an exceptional condition." } ], "exploits": [], "severity_range_score": "5.3 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qatc-a78d-8ufh" }