VulnerableCode Package Details - pkg:rpm/redhat/ssmtp@2.64-14?arch=el7map

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/ssmtp@2.64-14?arch=el7map

Essentials
History (6)

purl	pkg:rpm/redhat/ssmtp@2.64-14?arch=el7map

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-3s88-wdk6-xyh6 Aliases: CVE-2017-7554	RHMAP: Stored XSS in App Store	There are no reported fixed by versions.
VCID-6wfy-67je-97h1 Aliases: CVE-2017-1000117	A command injection vulnerability in Git may allow remote attackers to execute arbitrary code.	There are no reported fixed by versions.
VCID-am2z-v7gj-nqch Aliases: CVE-2017-15010 GHSA-g7q5-pjjr-gqvp	Uncontrolled Resource Consumption An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.	There are no reported fixed by versions.
VCID-db8x-2vgu-47gu Aliases: CVE-2017-7553	RHMAP: SSRF via external_request feature of App Studio	There are no reported fixed by versions.
VCID-tdkc-7dbb-uudh Aliases: CVE-2017-7552	RHMAP Millicore IDE allows RCE on SCM	There are no reported fixed by versions.
VCID-yk3z-5fjt-q7gb Aliases: CVE-2018-3728 GHSA-jp4x-w63m-7wgm	Prototype Pollution in hoek Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution. The `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property. This can be demonstrated like so: ```javascript var Hoek = require('hoek'); var malicious_payload = '{"__proto__":{"oops":"It works !"}}'; var a = {}; console.log("Before : " + a.oops); Hoek.merge({}, JSON.parse(malicious_payload)); console.log("After : " + a.oops); ``` This type of attack can be used to overwrite existing properties causing a potential denial of service.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:29:12.154255+00:00	RedHat Importer	Affected by	VCID-6wfy-67je-97h1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000117.json	38.0.0
2026-04-01T14:28:56.885704+00:00	RedHat Importer	Affected by	VCID-am2z-v7gj-nqch	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json	38.0.0
2026-04-01T14:28:55.596170+00:00	RedHat Importer	Affected by	VCID-db8x-2vgu-47gu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7553.json	38.0.0
2026-04-01T14:28:55.367675+00:00	RedHat Importer	Affected by	VCID-3s88-wdk6-xyh6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7554.json	38.0.0
2026-04-01T14:28:55.127206+00:00	RedHat Importer	Affected by	VCID-tdkc-7dbb-uudh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7552.json	38.0.0
2026-04-01T14:26:09.651595+00:00	RedHat Importer	Affected by	VCID-yk3z-5fjt-q7gb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3728.json	38.0.0