Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wga4-sqwk-4bfj

Summary openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand

Aliases

alias	CVE-2025-61984

Fixed_packages

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=x86&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=aarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=aarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=armhf&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=armv7&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=loongarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=loongarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=loongarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=ppc64le&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=ppc64le&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=ppc64le&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=riscv64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=s390x&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=s390x&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=s390x&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86_64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86_64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=x86_64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armv7&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86_64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=riscv64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=aarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armhf&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armv7&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=loongarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=ppc64le&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=s390x&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86_64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=aarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armhf&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=riscv64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=s390x&distroversion=v3.23&reponame=main

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7

url	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8?distro=trixie
purl	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8%3Fdistro=trixie

url	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9

url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssh@1:10.1p1-1?distro=trixie
purl	pkg:deb/debian/openssh@1:10.1p1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.1p1-1%3Fdistro=trixie

url pkg:deb/debian/openssh@1:10.2p1-6?distro=trixie

purl pkg:deb/debian/openssh@1:10.2p1-6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-6%3Fdistro=trixie

url	pkg:deb/debian/openssh@1:10.3p1-1?distro=trixie
purl	pkg:deb/debian/openssh@1:10.3p1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-b4uc-yh56-muej

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3

purl pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-b4uc-yh56-muej

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-ha8v-pqwf-r3a1

vulnerability	VCID-hse5-y15y-n3dw

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7

url pkg:rpm/redhat/openssh@8.0p1-27?arch=el8_10

purl pkg:rpm/redhat/openssh@8.0p1-27?arch=el8_10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.0p1-27%3Farch=el8_10

url pkg:rpm/redhat/openssh@8.7p1-13.el9_0?arch=1

purl pkg:rpm/redhat/openssh@8.7p1-13.el9_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mzh-y1ek-cqh9

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-13.el9_0%3Farch=1

url pkg:rpm/redhat/openssh@8.7p1-30.el9_2?arch=9

purl pkg:rpm/redhat/openssh@8.7p1-30.el9_2?arch=9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-30.el9_2%3Farch=9

url pkg:rpm/redhat/openssh@8.7p1-38.el9_4?arch=6

purl pkg:rpm/redhat/openssh@8.7p1-38.el9_4?arch=6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-38.el9_4%3Farch=6

url pkg:rpm/redhat/openssh@8.7p1-45.el9_6?arch=1

purl pkg:rpm/redhat/openssh@8.7p1-45.el9_6?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-45.el9_6%3Farch=1

url pkg:rpm/redhat/openssh@8.7p1-47?arch=el9_7

purl pkg:rpm/redhat/openssh@8.7p1-47?arch=el9_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-47%3Farch=el9_7

url pkg:rpm/redhat/openssh@9.9p1-7.el10_0?arch=1

purl pkg:rpm/redhat/openssh@9.9p1-7.el10_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@9.9p1-7.el10_0%3Farch=1

url pkg:rpm/redhat/openssh@9.9p1-12?arch=el10_1

purl pkg:rpm/redhat/openssh@9.9p1-12?arch=el10_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@9.9p1-12%3Farch=el10_1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61984

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01186
published_at	2026-04-02T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01197
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01193
published_at	2026-04-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01201
published_at	2026-04-07T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01208
published_at	2026-04-08T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01211
published_at	2026-04-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01198
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01195
published_at	2026-04-13T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01184
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.openwall.com/lists/oss-security/2025/10/06/1

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/

url

https://www.openwall.com/lists/oss-security/2025/10/06/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529
reference_id	1117529
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2401960
reference_id	2401960
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2401960

reference_url

https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2

reference_id

?l=openssh-unix-dev&m=175974522032149&w=2

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/

url

https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2

reference_url

https://www.openssh.com/releasenotes.html#10.1p1

reference_id

releasenotes.html#10.1p1

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/

url

https://www.openssh.com/releasenotes.html#10.1p1

reference_url	https://access.redhat.com/errata/RHSA-2025:23479
reference_id	RHSA-2025:23479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23479

reference_url	https://access.redhat.com/errata/RHSA-2025:23480
reference_id	RHSA-2025:23480
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23480

reference_url	https://access.redhat.com/errata/RHSA-2025:23481
reference_id	RHSA-2025:23481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23481

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0685
reference_id	RHSA-2026:0685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0685

reference_url	https://access.redhat.com/errata/RHSA-2026:0693
reference_id	RHSA-2026:0693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0693

reference_url	https://access.redhat.com/errata/RHSA-2026:0976
reference_id	RHSA-2026:0976
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0976

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:1678
reference_id	RHSA-2026:1678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1678

reference_url	https://access.redhat.com/errata/RHSA-2026:1790
reference_id	RHSA-2026:1790
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1790

reference_url	https://access.redhat.com/errata/RHSA-2026:1815
reference_id	RHSA-2026:1815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1815

reference_url	https://access.redhat.com/errata/RHSA-2026:1858
reference_id	RHSA-2026:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1858

reference_url	https://usn.ubuntu.com/8090-1/
reference_id	USN-8090-1
reference_type
scores
url	https://usn.ubuntu.com/8090-1/

reference_url	https://usn.ubuntu.com/8090-2/
reference_id	USN-8090-2
reference_type
scores
url	https://usn.ubuntu.com/8090-2/

Weaknesses

cwe_id	159
name	Improper Handling of Invalid Use of Special Elements
description	The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.

Exploits

Severity_range_score 3.6 - 5.3

Exploitability 0.5

Weighted_severity 4.8

Risk_score 2.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wga4-sqwk-4bfj

Vulnerability Instance