Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44730?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=api", "vulnerability_id": "VCID-e8hu-czv4-yyc5", "summary": "SnakeYAML Entity Expansion during load operation\nThe Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", "aliases": [ { "alias": "CVE-2017-18640" }, { "alias": "GHSA-rvwf-54qp-4r6v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/939594?format=api", "purl": "pkg:deb/debian/snakeyaml@1.25%2Bds-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.25%252Bds-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/939595?format=api", "purl": "pkg:deb/debian/snakeyaml@1.28-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.28-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050761?format=api", "purl": "pkg:deb/debian/snakeyaml@1.28-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.28-1%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/939593?format=api", "purl": "pkg:deb/debian/snakeyaml@1.33-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.33-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/939597?format=api", "purl": "pkg:deb/debian/snakeyaml@2.0%2Bds%2Breally1.33-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@2.0%252Bds%252Breally1.33-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/939596?format=api", "purl": "pkg:deb/debian/snakeyaml@2.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@2.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/85717?format=api", "purl": "pkg:ebuild/dev-java/snakeyaml@1.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-java/snakeyaml@1.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/76440?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.26" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050758?format=api", "purl": "pkg:deb/debian/snakeyaml@1.12-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.12-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050759?format=api", "purl": "pkg:deb/debian/snakeyaml@1.17-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050760?format=api", "purl": "pkg:deb/debian/snakeyaml@1.23-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/snakeyaml@1.23-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/197931?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/197932?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/197933?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/197934?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/197935?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/197936?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/197937?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/197938?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/197939?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/197940?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/197941?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/197942?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/197943?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/197944?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/197945?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/197946?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/197947?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/197948?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/197949?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/197950?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/197951?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/197952?format=api", "purl": "pkg:maven/org.yaml/snakeyaml@1.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nu3-fknt-puej" }, { "vulnerability": "VCID-6354-p39b-zbhp" }, { "vulnerability": "VCID-dmkc-42vj-gbhc" }, { "vulnerability": "VCID-e8hu-czv4-yyc5" }, { "vulnerability": "VCID-fb8u-g65k-hffs" }, { "vulnerability": "VCID-mm3e-4pej-byed" }, { "vulnerability": "VCID-qxfs-sq38-jfad" }, { "vulnerability": "VCID-sqsn-ygsg-yfdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/104636?format=api", "purl": "pkg:rpm/redhat/prometheus-jmx-exporter@0.12.0-6?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8hu-czv4-yyc5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus-jmx-exporter@0.12.0-6%3Farch=el8" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18640.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84328", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84306", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.8431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84299", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84238", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84271", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.8425", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02166", "scoring_system": "epss", "scoring_elements": "0.84293", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18640" }, { "reference_url": "https://bitbucket.org/asomov/snakeyaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/asomov/snakeyaml" }, { "reference_url": "https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c" }, { "reference_url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion" }, { "reference_url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack" }, { "reference_url": "https://bitbucket.org/asomov/snakeyaml/wiki/Changes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/asomov/snakeyaml/wiki/Changes" }, { "reference_url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377" }, { "reference_url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/" }, { "reference_url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640" }, { "reference_url": "https://security.gentoo.org/glsa/202305-28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-28" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376", "reference_id": "1785376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952683", "reference_id": "952683", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952683" }, { "reference_url": "https://github.com/advisories/GHSA-rvwf-54qp-4r6v", "reference_id": "GHSA-rvwf-54qp-4r6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvwf-54qp-4r6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2603", "reference_id": "RHSA-2020:2603", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2603" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4807", "reference_id": "RHSA-2020:4807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3225", "reference_id": "RHSA-2021:3225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3225" }, { "reference_url": "https://usn.ubuntu.com/7368-1/", "reference_id": "USN-7368-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7368-1/" } ], "weaknesses": [ { "cwe_id": 776, "name": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", "description": "The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities." }, { "cwe_id": 122, "name": "Heap-based Buffer Overflow", "description": "A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8hu-czv4-yyc5" }