VulnerableCode Package Details - pkg:rpm/redhat/jsoncpp@1.7.7-1?arch=el7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/jsoncpp@1.7.7-1?arch=el7

Essentials
History (1)

purl	pkg:rpm/redhat/jsoncpp@1.7.7-1?arch=el7

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-9nj7-fupw-vqaw Aliases: CVE-2019-0223 GHSA-5h6x-m52p-23ph	Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability only affects the Qpid Proton C library and not `org.apache.qpid:proton-j`. This link has been maintained to preserve external references. ## Original Description While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:19:56.707718+00:00	RedHat Importer	Affected by	VCID-9nj7-fupw-vqaw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json	38.0.0