Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a7m6-uqbt-nqd9

Summary openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

Aliases

alias	CVE-2025-61985

Fixed_packages

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=x86&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=aarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=aarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=armhf&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=armv7&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=loongarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=loongarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=loongarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=ppc64le&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=ppc64le&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=ppc64le&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=riscv64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=s390x&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=s390x&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=s390x&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86_64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssh@10.0_p1-r10?arch=x86_64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.0_p1-r10%3Farch=x86_64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armv7&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86_64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=riscv64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=aarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armhf&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armv7&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=loongarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=ppc64le&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=s390x&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=x86_64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=aarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=armhf&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=riscv64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssh@10.1_p1-r0?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@10.1_p1-r0%3Farch=s390x&distroversion=v3.23&reponame=main

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7

url	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8?distro=trixie
purl	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8%3Fdistro=trixie

url	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl	pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9

url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssh@1:10.1p1-1?distro=trixie
purl	pkg:deb/debian/openssh@1:10.1p1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.1p1-1%3Fdistro=trixie

url pkg:deb/debian/openssh@1:10.2p1-6?distro=trixie

purl pkg:deb/debian/openssh@1:10.2p1-6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-6%3Fdistro=trixie

url	pkg:deb/debian/openssh@1:10.3p1-1?distro=trixie
purl	pkg:deb/debian/openssh@1:10.3p1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-b4uc-yh56-muej

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3

purl pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-b4uc-yh56-muej

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-ha8v-pqwf-r3a1

vulnerability	VCID-hse5-y15y-n3dw

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7%3Fdistro=trixie

url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-792n-jkzj-qqhd

vulnerability	VCID-8efr-budq-6bb6

vulnerability	VCID-a4eq-r71a-buhm

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-ajmg-5kgx-k7h5

vulnerability	VCID-bnrq-2fsr-mfgd

vulnerability	VCID-kgn5-p8kx-qucj

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7

url pkg:rpm/redhat/openssh@8.0p1-27?arch=el8_10

purl pkg:rpm/redhat/openssh@8.0p1-27?arch=el8_10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.0p1-27%3Farch=el8_10

url pkg:rpm/redhat/openssh@8.7p1-13.el9_0?arch=1

purl pkg:rpm/redhat/openssh@8.7p1-13.el9_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mzh-y1ek-cqh9

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-13.el9_0%3Farch=1

url pkg:rpm/redhat/openssh@8.7p1-30.el9_2?arch=9

purl pkg:rpm/redhat/openssh@8.7p1-30.el9_2?arch=9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-30.el9_2%3Farch=9

url pkg:rpm/redhat/openssh@8.7p1-38.el9_4?arch=6

purl pkg:rpm/redhat/openssh@8.7p1-38.el9_4?arch=6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-38.el9_4%3Farch=6

url pkg:rpm/redhat/openssh@8.7p1-45.el9_6?arch=1

purl pkg:rpm/redhat/openssh@8.7p1-45.el9_6?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-45.el9_6%3Farch=1

url pkg:rpm/redhat/openssh@8.7p1-47?arch=el9_7

purl pkg:rpm/redhat/openssh@8.7p1-47?arch=el9_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@8.7p1-47%3Farch=el9_7

url pkg:rpm/redhat/openssh@9.9p1-7.el10_0?arch=1

purl pkg:rpm/redhat/openssh@9.9p1-7.el10_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@9.9p1-7.el10_0%3Farch=1

url pkg:rpm/redhat/openssh@9.9p1-12?arch=el10_1

purl pkg:rpm/redhat/openssh@9.9p1-12?arch=el10_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a7m6-uqbt-nqd9

vulnerability	VCID-wga4-sqwk-4bfj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@9.9p1-12%3Farch=el10_1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61985

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03681
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03634
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03694
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03706
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0371
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03732
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03671
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03644
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03622
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.openwall.com/lists/oss-security/2025/10/06/1

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/

url

https://www.openwall.com/lists/oss-security/2025/10/06/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530
reference_id	1117530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2401962
reference_id	2401962
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2401962

reference_url

https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2

reference_id

?l=openssh-unix-dev&m=175974522032149&w=2

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/

url

https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2

reference_url

https://www.openssh.com/releasenotes.html#10.1p1

reference_id

releasenotes.html#10.1p1

reference_type

scores

value	3.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/

url

https://www.openssh.com/releasenotes.html#10.1p1

reference_url	https://access.redhat.com/errata/RHSA-2025:23479
reference_id	RHSA-2025:23479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23479

reference_url	https://access.redhat.com/errata/RHSA-2025:23480
reference_id	RHSA-2025:23480
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23480

reference_url	https://access.redhat.com/errata/RHSA-2025:23481
reference_id	RHSA-2025:23481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23481

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0685
reference_id	RHSA-2026:0685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0685

reference_url	https://access.redhat.com/errata/RHSA-2026:0693
reference_id	RHSA-2026:0693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0693

reference_url	https://access.redhat.com/errata/RHSA-2026:0976
reference_id	RHSA-2026:0976
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0976

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:1678
reference_id	RHSA-2026:1678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1678

reference_url	https://access.redhat.com/errata/RHSA-2026:1790
reference_id	RHSA-2026:1790
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1790

reference_url	https://access.redhat.com/errata/RHSA-2026:1815
reference_id	RHSA-2026:1815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1815

reference_url	https://access.redhat.com/errata/RHSA-2026:1858
reference_id	RHSA-2026:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1858

reference_url	https://usn.ubuntu.com/8090-1/
reference_id	USN-8090-1
reference_type
scores
url	https://usn.ubuntu.com/8090-1/

reference_url	https://usn.ubuntu.com/8090-2/
reference_id	USN-8090-2
reference_type
scores
url	https://usn.ubuntu.com/8090-2/

Weaknesses

cwe_id	158
name	Improper Neutralization of Null Byte or NUL Character
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

Exploits

Severity_range_score 3.6 - 5.3

Exploitability 0.5

Weighted_severity 4.8

Risk_score 2.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7m6-uqbt-nqd9

Vulnerability Instance